From owner-freebsd-jail@FreeBSD.ORG  Fri Jun  6 05:39:55 2008
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 0E2ED1065671
	for <freebsd-jail@freebsd.org>; Fri,  6 Jun 2008 05:39:55 +0000 (UTC)
	(envelope-from nbari@k9.cx)
Received: from yw-out-2324.google.com (yw-out-2324.google.com [74.125.46.30])
	by mx1.freebsd.org (Postfix) with ESMTP id C02D48FC12
	for <freebsd-jail@freebsd.org>; Fri,  6 Jun 2008 05:39:54 +0000 (UTC)
	(envelope-from nbari@k9.cx)
Received: by yw-out-2324.google.com with SMTP id 9so487800ywe.13
	for <freebsd-jail@freebsd.org>; Thu, 05 Jun 2008 22:39:54 -0700 (PDT)
Received: by 10.150.212.17 with SMTP id k17mr2853694ybg.68.1212729112466;
	Thu, 05 Jun 2008 22:11:52 -0700 (PDT)
Received: from ?192.168.1.10? ( [148.244.166.166])
	by mx.google.com with ESMTPS id j13sm6076611rne.0.2008.06.05.22.11.50
	(version=TLSv1/SSLv3 cipher=RC4-MD5);
	Thu, 05 Jun 2008 22:11:51 -0700 (PDT)
Message-Id: <4F5A1DE6-3E56-4F53-9C0F-90D318DF8AC7@k9.cx>
From: Nicolas de Bari Embriz Garcia Rojas <nbari@k9.cx>
To: freebsd-jail@freebsd.org
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v924)
Date: Fri, 6 Jun 2008 00:11:49 -0500
X-Mailer: Apple Mail (2.924)
Subject: ipsec
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
	<mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
	<mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jun 2008 05:39:55 -0000

I had to make an VPN using IPSEC, the vpn is on the master host and is  
working but if it is only available from the master host not the  
jails, how can i make the jails to ping/access/telnet the VPN?

I have something like this:

192.10.10.1---->A.A.A.A<------VPN /INTERNET--------->B.B.B.B--- 
 >196.18.20.121
              jails1 --->A.A.A.1  _|
	     jails2 --->A.A.A.2  _|


the jail1 is the one that needs the vpn to acces but if y try to ping  
196.18.20.121 from jail1 with public IP (A.A.A.1) does not get any  
response, the VPN is only working from the master host.

Any ideas on how to fixt this?

my kernel has already compiled with:

options IPSEC
options IPSEC_ESP
options IPSEC_DEBUG
options IPSEC_FILTERGIF
device  crypto
device  enc
options IPSEC_NAT_T

regards

--
 > nbari