Date: Wed, 30 May 2001 23:23:06 -0600 (MDT)
From: Brad Waite <brad@wcubed.net>
To: freebsd-net@freebsd.org
Subject: IPSec/NAT single gateway?
Message-ID: <Pine.BSF.4.21.0105301847220.79384-100000@mail.datausa.com>

Hey there, all you network gurus,

I'm attempting to connect two office LANs over the Net with a VPN. I was originally looking at vpnd, but it appears that everything I need is available in the 4.3 kernel via IPsec.

The two offices are running Windows (95, 98, & NT4) on the desktop and are connected to the net via DSL. While I will have static external IPs to work with, it's likely that the DSL router is set up in PPP mode with NAT enabled.

Assuming DSL router's inside address is 10.0.0.1, would I want to set my gateway's outside IF to 10.0.0.2 and the inside to 10.0.1.1, with all the desktops on the 10.0.1 network?

Here's what I'm thinking:

  < PC net on 10.0.3.0 >
            |
            |
   |---- 10.0.3.1 ----|
   |       FBSD       |
   |---- 10.0.2.2 ----|
            |
            |
   |---- 10.0.2.1 ----|
   |    DSL Router    |
   |---- Inet addr ---|
            |
            |
       (~~~~~~~~~)
      (           )
     (  The Big I  )
      (           )
       (_________)
            |
            |
   |---- Inet addr ---|
   |    DSL Router    |
   |---- 10.0.0.1 ----|
            |
            |
   |---- 10.0.0.2 ----|
   |       FBSD       |
   |---- 10.0.1.1 ----|
            |
            |
  < PC net on 10.0.1.0 >

Will this work, or will the DSL router's NAT break IPsec?

Also, are there problems with traffic to/from the Internet? Should I NAT that, or just use a 255.255.0.0 mask?

Thanks much in advance,

Brad Waite
brad@wcubed.net

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message