Date: Fri, 07 Mar 2014 13:15:52 +0100
From: Eric Masson <emss@free.fr>
To: "John W. O'Brien" <john@saltant.com>
Cc: Mailing List FreeBSD Network <freebsd-net@FreeBSD.org>
Subject: Re: [FreeBSD 10.0] nat before vpn, incoming packets not translated
Message-ID: <8661nqmcg7.fsf@srvbsdfenssv.interne.associated-bears.org>
In-Reply-To: <53193371.4090603@saltant.com> (John W. O'Brien's message of "Thu, 06 Mar 2014 21:48:17 -0500")
References: <868uu4rshh.fsf@srvbsdfenssv.interne.associated-bears.org> <53193371.4090603@saltant.com>

"John W. O'Brien" <john@saltant.com> writes:

Hi John,

> You also need to perform NAT processing on the traffic that returns to
> gateway1 from gateway2.
>
> $cmd add 200 nat 100 all from 192.168.21.0/24 to 172.16.0.1

I've been privately told about the return rule (I'm used to pf, not ipfw),
but no luck.

Seems that http://www.freebsd.org/cgi/query-pr.cgi?pr=185876, as stated by
Philipp, could be a good candidate to explain failures even with the return
rule set up.

> I'm curious to learn whether this is sufficient. I haven't tested any
> combination of NAT and IPsec.

bz@ seems to have used this kind of setup for a looong time ;)

Regards

Éric

-- 
This is a multi-part message in MIME format.
...
Content-Transfer-Encoding: quoted-printable
...
I'M FED UP WITH THE C... WHO DON'T RESPECT THE CHARTERS
-+- R in: Guide du neuneu Usenet - Properly respecting one's netiquette -+-