Date: Thu, 13 Nov 2003 12:46:24 -0500
From: Vincent Goupil <vgoupil@alis.com>
To: "'freebsd-ipfw@freebsd.org'" <freebsd-ipfw@freebsd.org>, "'freebsd-net@freebsd.org'" <freebsd-net@freebsd.org>, "'freebsd-isp@freebsd.org'" <freebsd-isp@freebsd.org>
Subject: IPSec VPN & NATD (problem with alias_address vs redirect_address)
Message-ID: <F7D4BDA0E5A1D14B99D32C022AEB7366FE109C@alis-2k.alis.domain>

I set up a firewall with ipfw2 and natd on FreeBSD 4.9 release.
I have mapped my subnet with alias_address.
I have mapped 4 private IP addresses to 4 public IP addresses.

Everything is working fine (web, email, ftp, etc.) for outgoing and incoming connections for anyone on my network.

With this configuration, 5 people at a time (on my network) could dial to the same VPN server: 4 with different IPs and the one with the alias_address. I suppose that only one person at a time can use the alias_address with the IPSec VPN (I think, tell me if I'm wrong).

I have authorized AH and ESP to pass through my firewall, and also incoming UDP 500.

I'm able to use the VPN for the people mapped with alias_address.
I can't use the VPN with the people using the redirect_address.

Is there any problem with the redirect_address directive with natd for the protocol 51 and 51?

Is there any other way to have these 5 people communicate with the same VPN server at the same time?
I thought that I could use the redirect_address to do that, so the incoming connection to the VPN server appears from a different IP source address.

Vincent Goupil
Administrateur réseau / Network administrator