how to configure a FreeBSD firewall to pass IPSec?
Guy Middleton
guy at obstruction.com
Wed Apr 30 13:53:54 PDT 2003
On Wed, Apr 30, 2003 at 02:50:44PM -0400, Lowell Gilbert wrote:
> Guy Middleton <guy at obstruction.com> writes:
>
> > I have a FreeBSD box acting as a firewall and NAT gateway
> >
> > I would like to set it up to transparently pass IPSec packets -- I have
> > an IPSec VPN client running on another machine, connecting to a remote network.
> >
> > Is there a way to do this? I can't find any hints in the man pages.
>
> It's impossible. IPSEC can't be passed through a NAT.
>
> The best you could do would be to terminate the tunnel on the gateway itself.
Ok, now I'm confused. The same client (Cisco VPN 3.5 on Windows) works
through a LinkSys router / NAT gateway (a BEFSR81) at a different location.
The LinkSys even has a friendly little check-box to allow IPSec pass-through.
I would like the FreeBSD gateway to work the same way as the LinkSys.
More information about the freebsd-security
mailing list