NAT over IPSECed WLAN

Przemyslaw Szczygielski qus2 at o2.pl
Mon Jan 16 02:13:34 PST 2006


Well, for me the config is so complex that I doubt anyone will
waste time going into my config files, but, well... There's
always hope...

It's about a FreeBSD 6.0 "Gateway", which routes WLAN-connected
stations to the Internet through NAT. I want IPSEC between the WLAN
interfaces of "Gateway" and "Clients".

Let's say there are two machines:

1. "Gateway" is FreeBSD 6.0 and has 2 interfaces:
 a. fxp0 (public, connecting to the Internet)
 b. ndis0 (private, 10.2.0.1, serving WLAN clients)

2. "Client" is Windows XP and has 1 interface:
 a. some interface (private, 10.2.0.2, WLAN)
 
I have a working setup that has working NAT ("Client" sees the Internet
through NAT on "Gateway", configured as the default gateway on
Windows), when IPSEC is turned off.

I also have working IPSEC between these two machines (they can ping
each other), but then NAT stops working ("Gateway" still connects
to the Internet, so e.g. I can putty from "Client" to "Gateway", it
goes through the IPSECed WLAN, and from putty use Lynx to browse. But
I can't browse the Internet on "Client").

So to make it short: IPSEC working = no NAT. IPSEC off = NAT working.

I have attached my config files: ipsec.conf, natd.conf, racoon.conf
and rc.firewall.rules (please don't ask me why I have ssh on 5901...)

If you can tell me what went wrong, I'd be very grateful. And I will
surely write a detailed HOWTO for future generations... ;-)

Cheers,

Przemek


More information about the freebsd-net mailing list