From owner-freebsd-net Thu Nov 7 19:18:55 2002
Message-ID: <20021108031853.91619.qmail@web20010.mail.yahoo.com>
Date: Thu, 7 Nov 2002 19:18:53 -0800 (PST)
From: Vincent Chen
Subject: configure ipsec to accept roaming users?
To: freebsd-net@freebsd.org

Hi, all

I have already done some ipsec transport and tunnel tests successfully. Now I am trying to figure out how to deal with roaming users. Here is the situation:

internal <---> freebsd <---> roaming user

freebsd's external NIC has a public IP, to accept incoming ipsec from the roaming user.
freebsd's internal NIC has a private IP, which connects to the internal network.

How can I write a proper ipsec policy? Is it necessary to add a route manually after the connection is up?

Please provide your success story.

Thanks,