Date: Wed, 08 Dec 1999 02:12:41 +0000
From: jomor <jomor@ahpcns.com>
To: freebsd-security@freebsd.org
Subject: Re: can IPFW & NAT co-exist with kame IPSEC?
Message-ID: <384DBE98.D44DE01@ahpcns.com>
References: <199912070458.MAA00905@netrinsics.com>

Does pipsecd require ppp or will it work with ethernet too? I want to
use this with an Ethernet connected DSL router.

TIA
...jgm

Michael Robinson wrote:

> jomor <jomor@ahpcns.com> writes:
> >I want to add support for kame IPSEC (for net-to-net tunnelling)
> >capability to my existing firewall/NAT box. The box is running freebsd
> >3.3-STABLE. I am networking with IP-V4 and don't want to go to V6 at
> >this time. Does anyone know if this is possible?
>
> I don't know if it's possible, but I *do* know it's possible to use
> ipfilter+ipnat+pipsecd to achieve the same functionality on one box.
>
> (And, with a few tricks, also userland ppp, to get a dial-on-demand VPN.)
>
> >If it's possible, what firewall
> >rule modifications do I need so tunnel-bound traffic doesn't get NAT'ed?
>
> Tunnel-bound traffic with pipsecd is routed to a separate tun device from the
> ipnat interface, so this isn't a problem. Tunnel packets appear as esp
> packets originating from the gateway interface.
>
> -Michael Robinson

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message