Date: Mon, 4 Dec 2000 13:03:12 -0800
From: Nicholas Esborn <nick@netdot.net>
To: Jim Thario <jim@thario.com>
Cc: freebsd-questions@freebsd.org
Subject: natd + ipsec
Message-ID: <20001204130312.A26120@carbon.berkeley.netdot.net>

I have a similar situation with my home network: a network behind NAT, IPSEC transport between the NAT host and another host (over the Internet in this case), but hosts behind the NAT host cannot talk to the other host.

I was thinking this is because IPSec only processes packets originating from the machine it is running on, not packets being gateway'd.

I can't run IPSEC in tunnel mode because I don't have a security gateway and private network on the other host. I've thought of running a ppp tunnel, but haven't worked out the ipfw config and would prefer a solution less kludgey.

-nick

Jim Thario wrote:
> We have a network here with public and private subnets. The gateway from the
> private to public subnet runs natd. Recently we configured all nodes on the
> public subnet to converse using IPSEC transport mode. This also includes the
> gateway IP on the public subnet.
> Since the addition of IPSEC we are unable to connect to machines on the
> public subnet from the private subnet. It seems as if the packets that are
> NAT'd through the gateway are bypassing IPSEC processing and, of course, the
> machines on the public subnet refuse to accept them.
> Anyone else experience this?
> Thanks in advance,
> Jim

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message