From owner-freebsd-net Wed May 30 22:29:40 2001
Date: Wed, 30 May 2001 23:23:06 -0600 (MDT)
From: Brad Waite <brad@wcubed.net>
To: freebsd-net@freebsd.org
Subject: IPSec/NAT single gateway?

Hey there, all you network gurus,

I'm attempting to connect two office LANs over the Net with a VPN. I was originally looking at vpnd, but it appears that everything I need is available in the 4.3 kernel via IPsec.

The two offices are running Windows (95, 98, & NT4) on the desktop and are connected to the net via DSL. While I will have static external IPs to work with, it's likely that the DSL router is set up in PPP mode with NAT enabled.

Assuming the DSL router's inside address is 10.0.0.1, would I want to set my gateway's outside IF to 10.0.0.2 and the inside to 10.0.1.1, with all the desktops on the 10.0.1 network?

Here's what I'm thinking:

      < PC net on 10.0.3.0 >
                |
                |
        |---- 10.0.3.1 ----|
        |       FBSD       |
        |---- 10.0.2.2 ----|
                |
                |
        |---- 10.0.2.1 ----|
        |    DSL Router    |
        |---- Inet addr ---|
                |
                |
            (~~~~~~~~~)
           (           )
           ( The Big I )
           (           )
            (_________)
                |
                |
        |---- Inet addr ---|
        |    DSL Router    |
        |---- 10.0.0.1 ----|
                |
                |
        |---- 10.0.0.2 ----|
        |       FBSD       |
        |---- 10.0.1.1 ----|
                |
                |
      < PC net on 10.0.1.0 >

Will this work, or will the DSL router's NAT break IPsec?

Also, are there problems with traffic to/from the Internet? Should I NAT that, or just use a 255.255.0.0 mask?

Thanks much in advance,

Brad Waite
brad@wcubed.net