From: Jim Flowers (jflowersezo.net)
Date: Wed Mar 07 2001 - 20:01:53 CST

    You can do VPN and many-to-one NAT if you use the SKIP port. It takes a
    thorough understanding of both, but you essentially use rules in IPFW to
    determine what uses VPN and what uses NATD. Search the mailing lists for
    SKIP, where I listed both the criteria and methodology.

    There is probably a way to do something similar with IPSec but I haven't
    spent the time to know how to do it.

    ----- Original Message -----
    From: "Ilya" <mailkrel.org>
    To: <freebsd-securityFreeBSD.ORG>
    Sent: Wednesday, March 07, 2001 8:48 PM
    Subject: vpn vs natd

    > As far as I know there is no way to make VPN work through many-to-one NAT.
    > Only many-to-many will work. I currently have at home one-to-many (Windows
    > clients through FreeBSD router); now that I need VPN, I got a second public
    > IP. Is it somehow possible to set up that all traffic from a certain private
    > IP on my LAN would go out using my new IP? Which I guess will reside on the
    > same network card, which hosts the current public IP. Is it also possible to
    > do without breaking the config I have now?
    > So I am thinking, many-to-one NAT for all Windows clients except one, and
    > many-to-many for only one specific private IP.
    > How can I do it?
    >
    > thx a lot.
    >
    >
    >
    > To Unsubscribe: send mail to majordomoFreeBSD.org
    > with "unsubscribe freebsd-security" in the body of the message
    >
