Date: Thu, 20 Apr 2000 18:10:09 +0200
From: Erwan Arzur <erwan@netvalue.com>
To: itojun@iijlab.net
Cc: Muhammad Najib <najib@kdu.edu.my>, freebsd-security@FreeBSD.ORG
Subject: Re: VPN using IPSec
Message-ID: <38FF2BE1.FBBCBF1@netvalue.com>
References: <11595.956240178@coconut.itojun.org>

> >- at the same time allow Internet connectivity throughout the world
> >using NAT
> >
> >I've been understood by the doc that I need to use the 'tunnel mode'
> >instead to achieve this. I followed the documentation in the handbook
> >(http://www.freebsd.org/handbook/ipsec.html) but failed. Here's the
> >conf files:
>
> NAT - IPsec interaction will be very tricky, so I will not talk about
> that.

I tried for hours to get the same kind of network setup as the original
poster, and did not understand why ICMP packets were normally coming in the
gateway through the tunnel while the responses were always sent without any
kind of encapsulation, until I discovered that all these packets were
natted, thus never matched by the SPD ...

NAT is not your friend when you try to set up an IPSEC tunnel.

--
UNIX *IS* user friendly. It's just selective about who its friends are.
    --unknown
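
The failure described in the reply above, as an added example that is not part of the original message or of FreeBSD's code: a simplified model of an outbound path where source NAT runs before the IPsec policy (SPD) lookup, so the rewritten source no longer matches the tunnel policy's selectors. All addresses and the function names are constructed assumptions.

```python
# Added illustration (simplified model, not FreeBSD kernel code): why a reply
# that is NATted before the IPsec policy lookup leaves the gateway unencapsulated.
from ipaddress import ip_address, ip_network

# Constructed addressing (assumptions, not taken from the original message).
LOCAL_NET = ip_network("192.168.1.0/24")    # LAN behind this gateway
REMOTE_NET = ip_network("192.168.2.0/24")   # LAN behind the tunnel peer
GW_PUBLIC = ip_address("203.0.113.1")       # gateway's outside address

# Outbound SPD: (source selector, destination selector, action).
SPD_OUT = [(LOCAL_NET, REMOTE_NET, "esp-tunnel")]


def spd_lookup(src, dst, spd=SPD_OUT):
    """Return the action of the first policy whose selectors match, else 'bypass'."""
    for src_sel, dst_sel, action in spd:
        if src in src_sel and dst in dst_sel:
            return action
    return "bypass"  # no policy matched: the packet is sent in the clear


def nat_all(src, dst):
    """Catch-all source NAT: every LAN source becomes the gateway's address."""
    return (GW_PUBLIC, dst) if src in LOCAL_NET else (src, dst)


def nat_except_tunnel(src, dst):
    """Source NAT that leaves traffic destined for the remote LAN untouched."""
    return (src, dst) if dst in REMOTE_NET else nat_all(src, dst)


def send(src, dst, nat):
    """Model the outbound path from the reply: NAT first, then SPD lookup."""
    src, dst = nat(ip_address(src), ip_address(dst))
    return str(src), spd_lookup(src, dst)


if __name__ == "__main__":
    reply = ("192.168.1.10", "192.168.2.20")   # ICMP echo reply to the far LAN
    print("catch-all NAT:   ", send(*reply, nat_all))
    print("NAT exempts VPN: ", send(*reply, nat_except_tunnel))
    print("Internet traffic:", send("192.168.1.10", "198.51.100.7", nat_except_tunnel))
```

With the catch-all rule the reply leaves with the gateway's public source address and falls through to `bypass`; exempting tunnel-bound traffic from NAT keeps the selectors intact while Internet-bound traffic is still translated.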