From owner-freebsd-net@FreeBSD.ORG  Thu Apr 24 12:13:32 2008
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 92976106566C
	for <freebsd-net@freebsd.org>; Thu, 24 Apr 2008 12:13:32 +0000 (UTC)
	(envelope-from iaccounts@ibctech.ca)
Received: from pearl.ibctech.ca (pearl.ibctech.ca [208.70.104.210])
	by mx1.freebsd.org (Postfix) with ESMTP id 461118FC25
	for <freebsd-net@freebsd.org>; Thu, 24 Apr 2008 12:13:32 +0000 (UTC)
	(envelope-from iaccounts@ibctech.ca)
Received: (qmail 74032 invoked by uid 1002); 24 Apr 2008 12:13:31 -0000
Received: from iaccounts@ibctech.ca by pearl.ibctech.ca by uid 89 with
	qmail-scanner-1.22 
	(spamassassin: 2.64.  Clear:RC:1(208.70.104.100):. 
	Processed in 0.067943 secs); 24 Apr 2008 12:13:31 -0000
Received: from unknown (HELO ?192.168.30.110?)
	(steve@ibctech.ca@208.70.104.100)
	by pearl.ibctech.ca with (DHE-RSA-AES256-SHA encrypted) SMTP;
	24 Apr 2008 12:13:30 -0000
Message-ID: <481078F6.9010108@ibctech.ca>
Date: Thu, 24 Apr 2008 08:11:34 -0400
From: Steve Bertrand <iaccounts@ibctech.ca>
User-Agent: Thunderbird 2.0.0.12 (Windows/20080213)
MIME-Version: 1.0
To: Baldur Gislason <baldur@foo.is>
References: <4808A15E.4030007@ibctech.ca>
	<20080418133417.GA66873@gremlin.foo.is>
In-Reply-To: <20080418133417.GA66873@gremlin.foo.is>
X-Enigmail-Version: 0.95.6
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-net@freebsd.org
Subject: Re: IPIP tunnel behind NAT
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Apr 2008 12:13:32 -0000

Baldur Gislason wrote:
> It'll work fine. I've done this several times before.

Hmmm. I still can't seem to get this setup to work. The FreeBSD box is 
in behind a Fortigate 200 unit.

> However I've also had NAT implementations which didn't work this way but
> this one should definitely work.

Are there any ports that need to be opened on the Fortigate to allow the 
tunnel traffic through? There appears to be no place in the Fortigate to 
pass protocol 41 traffic.

Thanks,

Steve