Date: Fri, 11 Oct 2002 16:18:39 -0400 (EDT)
From: Jason Hunt <leth@primus.ca>
To: freebsd-questions@FreeBSD.ORG
Cc: MrWebby <mrwebby@bigfoot.com>
Subject: Re: IPsec Tunneling (VPN) from WIN2K (client) to FreeBSD (Server)
Message-ID: <20021011160625.L59753-100000@lethargic.dyndns.org>
In-Reply-To: <3DA72972.7030706@bigfoot.com>

On Fri, 11 Oct 2002, MrWebby wrote:

> I need to enable tunnels from my laptop running Windows 2000 Pro to
> my FreeBSD 4.6. I have a Cable Modem link to the Internet and for my
> firewall and NAT router I use a D-Link 707 Residential Router capable
> of allowing VPN using IPsec 'only'.
>                                                         ----------
> VPN Server           Gateway                           |          |
> -----------          -----------                       |          |
> 192.168.0.3 -------- 192.168.0.1 ----------------------- Internet |
> -----------          -----------                       |          |
> FreeBSD 4.6          xxx.xxx.xxx.xxx                   |          |
>                                                         ----------
> -IPsec Enabled         IPsec:                                |
> -Running Racoon        -ESP mode                             |
> -Setkey                -In Tunnel Mode (DUH!)                |
> -OpenSSL Certificates  -DES encryption                       |
> -psk.txt               -ESP mode with no encapsulation       |
> -VPN Server: PoPToPt   -no Integrity                         |
>                        -Pre-Shared keys                      |
>                                                              |
>                                                              |
>                                                              |
>         Client                                               |
>         -------------                                        |
>         192.168.0.226 ---------------------------------------|
>         -------------
>         Windows 2000 Pro
>
>         -IPsec enabled
>         -Certificate Install
>

The D-Link Router ("gateway" in the diagram) is performing NAT, correct?
Is your laptop ("Client") behind NAT as well? Your diagram does not make
this entirely clear.

However, assuming the above two questions are true, then that is your
problem right there. IPSec will not work behind NAT, since the packets
are altered by the NAT gateway. Make sense?

In such a scenario, the gateway itself should become your IPSec server.
The same goes for your client, assuming it is behind a NAT gateway as
well.