Date: Fri, 4 May 2001 15:44:56 -0700
From: steve@Watt.COM (Steve Watt)
To: questions@freebsd.org
Cc: freebsd@hermans.ca
Subject: Re: VPN solutions ... using IPSEC *AND* NAT
Message-ID: <200105042244.f44MiuY92230@wattres.Watt.COM>
In-Reply-To: <000001c0d46e$2feb6160$6419a8c0@jamie>

In article <000001c0d46e$2feb6160$6419a8c0@jamie> freebsd@hermans.ca wrote:
>Has anyone been successful getting IPSEC and NAT to play nicely together?
>
>I'm currently using a PPP over SSH tunnel, but ideally would like to get
>something working that was not client -> server based as is with this PPP
>setup.
>
>Any pointers would be GREATLY appreciated.

Is the machine that's doing NAT the same as the machine doing IPsec?

If not, you'll have to arrange for IP protocol 50 to be passed (and NATed)
through your translator. If your translator is some flavor of router (don't
remember which at the instant), opening UDP port 500 for ISAKMP will
automagically redirect proto 50 and 51 (esp and ah), but that isn't
universal behavior.

Now, if someone wants to update libalias so it handles IPPROTO_ESP...

--
Steve Watt KD6GGD  PP-ASEL-IA  ICBM: 121W 56' 57.8" / 37N 20' 14.9"
Internet: steve @ Watt.COM  Whois: SW32
Free time? There's no such thing. It just comes in varying prices...

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
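
The traffic classes named in the reply above, as an added example (not part of the original message and not libalias code): a C classifier that separates ISAKMP (UDP port 500), ESP (protocol 50) and AH (protocol 51) and extracts the SPI, which together with the addresses is what a translator has to work with because ESP and AH carry no port numbers. The function names and the sample packet are constructed for illustration, and unfragmented IPv4 is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
enum { PROTO_UDP = 17, PROTO_ESP = 50, PROTO_AH = 51, ISAKMP_PORT = 500 };
enum ipsec_class { NOT_IPSEC, IPSEC_ISAKMP, IPSEC_ESP, IPSEC_AH, MALFORMED };
/* Read an n-byte big-endian field. */
static uint32_t be(const uint8_t *p, int n) {
    uint32_t v = 0;
    while (n-- > 0) v = (v << 8) | *p++;
    return v;
}

/* Classify an unfragmented IPv4 packet (assumption). ESP and AH have no
 * ports, so *spi (Security Parameters Index) is the only per-flow field. */
enum ipsec_class classify(const uint8_t *pkt, size_t len, uint32_t *spi) {
    *spi = 0;
    if (len < 20 || (pkt[0] >> 4) != 4) return MALFORMED;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;   /* IP header length, bytes */
    if (ihl < 20 || len < ihl) return MALFORMED;
    const uint8_t *l4 = pkt + ihl;
    size_t l4len = len - ihl;
    switch (pkt[9]) {                           /* IP protocol field */
    case PROTO_UDP:                             /* ISAKMP: UDP port 500 */
        if (l4len < 8) return MALFORMED;
        return (be(l4, 2) == ISAKMP_PORT || be(l4 + 2, 2) == ISAKMP_PORT)
                   ? IPSEC_ISAKMP : NOT_IPSEC;
    case PROTO_ESP:                             /* SPI is the first word */
        if (l4len < 8) return MALFORMED;
        *spi = be(l4, 4);
        return IPSEC_ESP;
    case PROTO_AH:                              /* SPI is the second word */
        if (l4len < 12) return MALFORMED;
        *spi = be(l4 + 4, 4);
        return IPSEC_AH;
    default: return NOT_IPSEC;
    }
}

/* Constructed sample: ESP packet, SPI 0x00001000, IP checksum left zero. */
static const uint8_t SAMPLE_ESP[] = {
    0x45,0,0,28, 0,1,0,0, 64,50,0,0, 192,168,25,100, 203,0,113,10,
    0,0,0x10,0, 0,0,0,1 };

int main(void) {
    uint32_t spi;
    int c = classify(SAMPLE_ESP, sizeof SAMPLE_ESP, &spi);
    printf("class=%d spi=0x%08x\n", c, (unsigned)spi);
    return 0;
}
```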