From owner-freebsd-net Thu Mar 18 14:35:51 1999
Message-ID: <36F18016.5BA99C21@utcorp.com>
Date: Thu, 18 Mar 1999 17:37:10 -0500
From: Kurt Seel
To: freebsd-net@FreeBSD.ORG
Subject: Re: SKIP on 3.1
References: <199903182204.OAA94934@bubba.whistle.com>

Archie Cobbs wrote:
> Charles Henrich writes:
> > I'm attempting to build a skip tunnel between two machines that are running
> > IPFW+NAT ... So basically in pictures:
> >
> >
> > 10.x <---> [IPFW+NAT] <---> The Internet <--> [IPFW+NAT] <---> 10.x
> >
> > I want to build a VPN between the two 10 networks... Any suggestions, points
> > hints, RTFM's (which M? :) etc? Thanks!
> >
> > =====
> >
> > My problem is I can't see how to create a VPN link between the two 10 networks
> > without going through the NAT translation, which would totally break the VPN
> > software. Any ideas?
>
> Don't use NAT at all, just do SKIP in tunnel mode and use the -f
> flag to skiphost to make sure the source address for your packets
> is the routable address and not the 10.x address.
>
> If you *also* want address translation for the 10.x nets to reach
> the outside world, this is do-able but takes some care (I've never

I used iptunnel (with skip) to accomplish this after it became apparent
that the level of 'care' needed was beyond my fuzzy little brain.
The only caveat is that I can't talk to the far 10.x net from
one of the routers :-( If you want the configs, contact me off-list.

> done it myself). See the notes in README.FreeBSD.
>
> -Archie
>
> ___________________________________________________________________________
> Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message

--
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." -- Benjamin Franklin, 1759