Date: Sat, 20 Jan 2001 23:24:21 -0800
From: "Crist J. Clark" <cjclark@reflexnet.net>
To: The Babbler <bts@babbleon.org>
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: IPSEC tunnelling
Message-ID: <20010120232421.O10761@rfx-216-196-73-168.users.reflex>
In-Reply-To: <3A6A7655.E428629D@babbleon.org>; from bts@babbleon.org on Sun, Jan 21, 2001 at 12:40:37AM -0500
References: <3A6A7655.E428629D@babbleon.org>

On Sun, Jan 21, 2001 at 12:40:37AM -0500, The Babbler wrote:
>
> I realize that the official charter of this group is to work on the
> *new* firewall code, and I'm working at RELEASE, which doesn't qualify,
> but I have tried freebsd-questions and been met with overwhelming
> silence, and this seems to me to be the closest group, so I hope you
> folks will be willing to indulge me. And pointing me at the doc is more
> than fine. I've tried searching the www.freebsd.org site, but didn't
> find anything relevant there. Of course I can't recall any occasion
> when I ever have . . .
>
> Anyway, I'm trying to get my FreeBSD gateway/firewall machine set up so
> that it will allow my wife's VPN access to work; this requires IPSEC
> packets to get through.
>
> Has anybody done this? Any helpful hints?

Yes, I have done it. But it depends on the VPN implementation. NAT,
the basic concept, not natd(8), just plain breaks some aspects of
IPSEC. If the VPN you are trying to use enforces a policy that will
not work through NAT... it won't work through NAT.

Do you know what the policies of the VPN are? What do the logs on the
client (which you should have access to) and the server (which you may
not have access to) look like?
--
Crist J. Clark                           cjclark@alum.mit.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message