Date: Mon, 15 May 2006 01:53:09 -0300
From: "Maicon Stihler"
To: freebsd-questions@freebsd.org
Subject: IPsec questions
Message-ID: <67f5afb90605142153w29f837fan7f9534a11ca94cd4@mail.gmail.com>

Hi,

I started playing with IPsec on my FreeBSD 6.1 and I was wondering if it's possible to deploy an IPsec gateway behind a NAT (1-1) router.
I'm not sure, but I remember reading somewhere that other implementations like Free/OpenSwan would let me do that. It would be something like:

LAN--[ freebsd box (ipsec with internal ip)---[nat router(public ip)----[VPN clients]

The VPN clients would be roadwarriors and/or other VPN gateways.

The other question I have is, what is the recommended IKE daemon? I saw that in the ports there are at least three (ipsec-tools (with racoon), racoon2, and isakmpd). The isakmpd seems to be very clean, but I heard that it's not as full-featured as it is on OpenBSD. I'm using racoon (from ipsec-tools) to encrypt my wireless traffic, but it core dumped a few times and I'm a bit anxious about it, heh...

Best Regards,
Maicon