From owner-freebsd-security@FreeBSD.ORG Wed Mar 3 11:05:05 2004
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8F53116A4CE; Wed, 3 Mar 2004 11:05:05 -0800 (PST)
Received: from gi.sourcefire.com (gi.sourcefire.com [12.110.105.132]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2BBF043D31; Wed, 3 Mar 2004 11:05:05 -0800 (PST) (envelope-from nigel@sourcefire.com)
Received: from localhost ([10.4.10.172]) (AUTH: PLAIN nhoughton, TLS: TLSv1/SSLv3,168bits,DES-CBC3-SHA) by gi.sourcefire.com with esmtp; Wed, 03 Mar 2004 14:05:03 -0500
Date: Wed, 3 Mar 2004 14:01:45 -0500
From: Nigel Houghton
To: Simon Taylor
Message-ID: <20040303190145.GA662@enterprise.sfeng.sourcefire.com>
References: <54FEFDDAD23D8A4683BE2F3CD9D1D2A9020AA0@orion.genient.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
In-Reply-To: <54FEFDDAD23D8A4683BE2F3CD9D1D2A9020AA0@orion.genient.com>
User-Agent: Mutt/1.4.2i
cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD ipsec and NAT
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
X-List-Received-Date: Wed, 03 Mar 2004 19:05:05 -0000

This appears to be off-topic for this list, but here are some resources
you might wish to look at...

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html
http://www.freebsddiary.org/ipsec-tunnel.php
http://www.daemonnews.org/200101/ipsec-howto.html

I'm sure there will be more available via Google.

On 0, Simon Taylor allegedly wrote:
> Hi All,
> I currently have set up a site-to-site VPN using racoon on my FreeBSD
> firewall. All is well there and I can connect through the VPN when I am
> on the firewall and get the connection fine.
> Now I want to be able to connect from other machines through the
> firewall - this is where I come unstuck. The ipsec policy allows for my
> external address range to connect through the VPN, but then I would like
> my internal addresses to first get translated and then routed through
> the tunnel. But instead, when I connect with my internal addresses they
> get translated, but then try and use the conventional gateway on the
> machine instead of picking up the ipsec policy.
> If that makes sense... I am using FreeBSD, ipf, ipnat and racoon.
> Any help appreciated
> Simon

-------------------------------------------------------------
Nigel Houghton
Research Engineer
Sourcefire Inc. Vulnerability Research Team

In an emergency situation involving two or more officers of equal rank,
seniority will be granted to whichever officer can program a VCR.
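The symptom Simon describes (internal hosts get NATed and then follow the ordinary default route instead of the tunnel, while the firewall itself reaches the far side fine) is what you see when the outbound IPsec policy lookup is keyed on the packet's original source address and only the firewall's external address is covered by the policy. The small model below is an added illustration, not code from the thread or from FreeBSD: it assumes that ordering (security-policy lookup on the untranslated header, ipnat rewrite afterwards) and uses constructed addresses (192.168.1.0/24 behind 203.0.113.1, remote LAN 192.168.2.0/24). It contrasts a policy that covers only the external address with one that also carries a tunnel-mode entry for the internal LAN, so the reader can see which selectors a LAN host's packet is actually compared against.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network

# Constructed topology for the example (not from the thread): the firewall
# NATs an internal LAN behind one external address and has a site-to-site
# tunnel to a remote LAN.
INSIDE = ip_network("192.168.1.0/24")    # internal network behind the firewall
EXTERNAL = ip_address("203.0.113.1")     # firewall's external address
REMOTE = ip_network("192.168.2.0/24")    # network on the far end of the tunnel


@dataclass(frozen=True)
class SpdEntry:
    """One outbound security-policy entry keyed on src/dst selectors
    (a simplified stand-in for a setkey 'spdadd' rule)."""
    src: IPv4Network
    dst: IPv4Network
    action: str  # "ipsec" or "none"


def spd_lookup(src, dst, spd):
    """First-match policy lookup on the *untranslated* packet header."""
    for entry in spd:
        if src in entry.src and dst in entry.dst:
            return entry.action
    return "none"


def source_nat(src):
    """ipnat-style map rule: rewrite internal sources to the external address."""
    return EXTERNAL if src in INSIDE else src


def forward(src, dst, spd):
    """Return (path, inner_src, outer_src) for a packet leaving the firewall.

    Assumed ordering (the model's assumption, matching the observed symptom):
    the policy lookup runs before ipnat sees the packet, so a LAN host is
    matched on its private address, not on the address it will be NATed to.
    """
    src, dst = ip_address(src), ip_address(dst)
    if spd_lookup(src, dst, spd) == "ipsec":
        # Tunnel mode: inner header untouched, outer header sourced from the
        # firewall's external address; ipnat leaves the ESP packet alone.
        return ("tunnel", str(src), str(EXTERNAL))
    # No policy matched: ipnat translates the source and the packet follows
    # the ordinary routing table, i.e. the conventional default gateway.
    wire = source_nat(src)
    return ("default-gateway", str(wire), str(wire))


# Policy as described in the post: only the firewall's own external address.
POLICY_EXTERNAL_ONLY = [SpdEntry(ip_network(f"{EXTERNAL}/32"), REMOTE, "ipsec")]

# Same policy plus a tunnel-mode entry that covers the internal LAN itself.
POLICY_WITH_INTERNAL = POLICY_EXTERNAL_ONLY + [SpdEntry(INSIDE, REMOTE, "ipsec")]


if __name__ == "__main__":
    for label, spd in (("external-only", POLICY_EXTERNAL_ONLY),
                       ("with-internal", POLICY_WITH_INTERNAL)):
        print(label, "from firewall:", forward(str(EXTERNAL), "192.168.2.5", spd))
        print(label, "from LAN host:", forward("192.168.1.10", "192.168.2.5", spd))
```

The practical check this models is to compare the selectors in the policy database (on a KAME-based stack, `setkey -DP` dumps them) against the source address a LAN host's packet carries at the moment the lookup happens; if the policy only names the external address, an internal host's traffic never matches it, whatever ipnat does afterwards.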