NAT over IPSECed WLAN
vanhu_bsd at zeninc.net
Mon Jan 16 04:16:20 PST 2006
On Mon, Jan 16, 2006 at 11:13:32AM +0100, Przemyslaw Szczygielski wrote:
> Well, for me the config is so complex, that I doubt anyone will
> waste time on going into my config files, but, well... There's
> always hope...
This is not the first time I have seen such configuration requests, and
that's why I suggested that you ask on a public ML, because answers will
also be available to others.
> So to make it short: IPSEC working = no NAT. IPSEC off = NAT working.
> I have attached my config files: ipsec.conf, natd.conf, racoon.conf
> and rc.firewall.rules (please don't ask me why do I have ssh on 5901...)
Unfortunately, your configuration attachments were filtered.
But could you send ("inline" in the mail) at least your SPD
For what you want, you should have configuration like:
spdadd <xp> 0/0 out ESP/tunnel/xp-FreeBSD gate/require
("pseudo setkey" syntax, view from XP host, incoming entry also
required, which is reverse).
The important points are "ESP", "tunnel" and "0/0" as remote traffic
On BSD side, you can have reversed spd entries, or use racoon's
Is that what you have?
Another way of doing things is to use IPsec transport+L2TP, which can
look simpler from the Windows side, but which I think is more complex in
fact (another encapsulation level).
> If you can tell me, what went wrong I'd be very grateful. And I will
> surely write a detailed HOWTO for future generations... ;-)
It would be welcome, perhaps in FreeBSD's docs, and at least on the
ipsec-tools website!
NETASQ - Secure Internet Connectivity
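The SPD layout vanhu describes above (an "out" entry from the roaming host towards 0/0 in ESP tunnel mode, the reverse "in" entry, and mirrored entries on the FreeBSD side), written out in real setkey(8) syntax as an added example. This is not code from the original mail or from ipsec-tools: the function names xp_side_spd, gateway_side_spd and check_spd are this example's own, the addresses are constructed placeholders from documentation ranges, and the script only emits and checks the policy text; it does not call setkey itself.

```shell
# Added example, not from the original thread: emit the setkey(8) SPD policy
# for a roaming host whose entire traffic (0/0) goes through an ESP tunnel to a
# FreeBSD gateway, plus the mirrored entries the gateway needs.
# Function names are this example's own; addresses below are constructed.

# $1 = roaming host address, $2 = gateway's public address.
# View from the roaming host: "out" entry towards 0/0, and the reverse "in"
# entry with the tunnel endpoints swapped (both are required).
xp_side_spd() {
  host="$1"; gw="$2"
  cat <<EOF
spdflush;
spdadd $host/32 0.0.0.0/0 any -P out ipsec esp/tunnel/$host-$gw/require;
spdadd 0.0.0.0/0 $host/32 any -P in ipsec esp/tunnel/$gw-$host/require;
EOF
}

# View from the FreeBSD gateway: same selectors, but directions and tunnel
# endpoints reversed relative to the host's entries.
gateway_side_spd() {
  host="$1"; gw="$2"
  cat <<EOF
spdflush;
spdadd 0.0.0.0/0 $host/32 any -P out ipsec esp/tunnel/$gw-$host/require;
spdadd $host/32 0.0.0.0/0 any -P in ipsec esp/tunnel/$host-$gw/require;
EOF
}

# Sanity check on a policy read from stdin: exactly two spdadd lines, the "out"
# entry tunnels $1->$2, the "in" entry tunnels $2->$1, both ESP tunnel/require.
# (Catches the classic mistake of forgetting the reverse entry or leaving the
# endpoints unswapped, which silently leaves one direction unprotected.)
check_spd() {
  src="$1"; dst="$2"
  text=$(cat)
  printf '%s\n' "$text" | grep -Fq -- "-P out ipsec esp/tunnel/$src-$dst/require;" || return 1
  printf '%s\n' "$text" | grep -Fq -- "-P in ipsec esp/tunnel/$dst-$src/require;" || return 1
  [ "$(printf '%s\n' "$text" | grep -c '^spdadd')" -eq 2 ]
}

# Usage with constructed addresses (192.0.2.10 = roaming host, 203.0.113.1 = gateway):
#   xp_side_spd 192.0.2.10 203.0.113.1 > /tmp/host.spd        # then: setkey -f /tmp/host.spd
#   gateway_side_spd 192.0.2.10 203.0.113.1 > /tmp/gw.spd     # on the FreeBSD side
#   xp_side_spd 192.0.2.10 203.0.113.1 | check_spd 192.0.2.10 203.0.113.1 && echo "host policy OK"
```

After loading a policy, `setkey -DP` shows what the kernel actually holds, which is the quickest way to confirm that both the "out" and the "in" entry are present with the endpoints in the expected order.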