From owner-freebsd-current@FreeBSD.ORG Sat Mar 13 15:32:02 2004
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7138C16A4CF for ; Sat, 13 Mar 2004 15:32:02 -0800 (PST)
Received: from pooh.cobbled.net (unknown [195.218.110.182]) by mx1.FreeBSD.org (Postfix) with ESMTP id 193F943D31 for ; Sat, 13 Mar 2004 15:32:01 -0800 (PST) (envelope-from fergus@cobbled.net)
Received: from pooh.cobbled.net (localhost [127.0.0.1]) by pooh.cobbled.net (8.12.10/8.12.10) with ESMTP id i2DNKlhX010212; Sat, 13 Mar 2004 23:20:47 GMT (envelope-from fergus@pooh.cobbled.net)
Received: (from fergus@localhost) by pooh.cobbled.net (8.12.10/8.12.10/Submit) id i2DNJVUa010193; Sat, 13 Mar 2004 23:19:31 GMT (envelope-from fergus)
Date: Sat, 13 Mar 2004 23:19:31 +0000
From: fergus
To: Neil Fenemor
Message-ID: <20040313231931.GA10152@pooh.cobbled.net>
Mail-Followup-To: Neil Fenemor , freebsd-current@freebsd.org
References: <1079038531.29695.2.camel@acer>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1079038531.29695.2.camel@acer>
X-Mailman-Approved-At: Sun, 14 Mar 2004 05:47:17 -0800
cc: freebsd-current@freebsd.org
Subject: Re: IPSec/NAT/Gateway Query
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
X-List-Received-Date: Sat, 13 Mar 2004 23:32:02 -0000

On 12.03-09:55, Neil Fenemor wrote:
[ ... ]
> x.y.z.11 -> x.y.z.254 : works perfectly
> x.y.z.11 -> x.y.z.254 -> 0.0.0.0 : works perfectly
> rfc 1918 -> x.y.z.11 -> x.y.z.254 : Fails
> rfc 1918 -> x.y.z.11 -> x.y.z.254 -> 0.0.0.0 : Fails

perhaps i'm being stupid but this basically means nothing to me. the following text didn't elucidate the situation either.

[ ... ]
> Any ideas/input would be greatly appreciated.

i would guess that you have a muddled configuration. it sounds like you have nat at the wrong place and tunnels where you should simply have transport security. though that is a guess because i don't understand anything of your config from the description.

'course by now you've probably resolved the situation anyway. ;-)

--
:  fergus cameron      :  [ .]     cobbled  :
:  ^^^^^^@cobbled.net  :  [ ~][ ]  .net     :