From owner-freebsd-questions@FreeBSD.ORG  Mon Jun  2 16:31:31 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 2EF1B1065673
	for <freebsd-questions@freebsd.org>;
	Mon,  2 Jun 2008 16:31:31 +0000 (UTC) (envelope-from rvm@CBORD.com)
Received: from smssmtp.cbord.com (mx1.cbord.com [24.39.174.11])
	by mx1.freebsd.org (Postfix) with ESMTP id 0063F8FC14
	for <freebsd-questions@freebsd.org>;
	Mon,  2 Jun 2008 16:31:30 +0000 (UTC) (envelope-from rvm@CBORD.com)
X-AuditID: ac1f0165-0000134000000330-80-4844204a2ace 
Received: from Email.cbord.com ([10.1.1.100]) by smssmtp.cbord.com with
	Microsoft SMTPSVC(6.0.3790.1830); Mon, 2 Jun 2008 12:31:05 -0400
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Mon, 2 Jun 2008 12:27:41 -0400
Message-ID: <FF8482A96323694490C194BABEAC24A002D043EA@Email.cbord.com>
In-Reply-To: <6ae50c2d0806020913v2c7665b8nc3673e30cb8627cc@mail.gmail.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: VPN (IPSEC)
Thread-Index: AcjEy9W4S4QcPqJZSBOJWU0yrCMRtQAAV78g
References: <6ae50c2d0805311649p14863af3y43af39fb4aa2cc8a@mail.gmail.com>
	<6ae50c2d0806020913v2c7665b8nc3673e30cb8627cc@mail.gmail.com>
From: "Bob McConnell" <rvm@CBORD.com>
To: "alexus" <alexus@gmail.com>,
	<freebsd-questions@freebsd.org>
X-Brightmail-Tracker: AAAAAA==
Cc: 
Subject: RE: VPN (IPSEC)
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Jun 2008 16:31:31 -0000

On Behalf Of alexus
>
>anyone?
>
>
>On Sat, May 31, 2008 at 7:49 PM, alexus <alexus@gmail.com> wrote:
>> Hello,
>>
>> I'm trying to establish a VPN tunnel over internet, I read a
>> http://www.freebsd.org/doc/en/books/handbook/ipsec.html on how to set
>> it up, I'm some what strangeling if my setup will work at all.
>>

IIRC, IPSEC cannot work through a NAT connection. NAT changes header
fields that IPSEC uses for packet authentication. So the receiver cannot
validate the content of the modified header.

Bob McConnell