Date:      Fri, 07 Mar 2014 19:40:07 +0100
From:      Eric Masson <emss@free.fr>
To:        Philipp Schmid <philipp.schmid@openresearch.com>
Cc:        "John W. O'Brien" <john@saltant.com>, Mailing List FreeBSD Network <freebsd-net@FreeBSD.org>
Subject:   Re: [FreeBSD 10.0] nat before vpn, incoming packets not translated
Message-ID:  <86siqtluns.fsf@srvbsdfenssv.interne.associated-bears.org>
In-Reply-To: <09B6BE02-2F04-41A1-AC0D-9A7943F88086@openresearch.com> (Philipp Schmid's message of "Fri, 7 Mar 2014 07:55:22 +0100")
References:  <868uu4rshh.fsf@srvbsdfenssv.interne.associated-bears.org> <53193371.4090603@saltant.com> <09B6BE02-2F04-41A1-AC0D-9A7943F88086@openresearch.com>

Philipp Schmid <philipp.schmid@openresearch.com> writes:

Hi Philipp,

> FreeBSD 10 seems to have problems with IPSec and filtering/nat.
> Maybe your problem is related to:
>
> 	http://www.freebsd.org/cgi/query-pr.cgi?pr=185876

I've rebuilt a kernel with the last patch available in the PR.
It doesn't work (return nat rule in place).

I think I'll try the following setup on gateway1:
- IIPTran https://www.ietf.org/rfc/rfc3884.txt (ipip tunnel in transport
  mode)
- outside nat with pf on gif interface

What bothers me is that ipfw reverse nat should work...

Regards

Éric Masson

-- 
 I have an essay for French class: "Do you find it regrettable
 that wild camping is banned in France?"
 Can you help me, because I have never been camping!...
 -+- Laure in:<http://www.le-gnu.net>- Youkaidi, youkaida -+-


