Re: how to configure a FreeBSD firewall to pass IPSec?
From: Crist J. Clark (crist.clark attbi.com)
Date: Thu May 01 2003 - 17:35:36 CDT
On Wed, Apr 30, 2003 at 04:53:48PM -0400, Guy Middleton wrote:
> On Wed, Apr 30, 2003 at 02:50:44PM -0400, Lowell Gilbert wrote:
> > Guy Middleton <guy obstruction.com> writes:
> >
> > > I have a FreeBSD box acting as a firewall and NAT gateway.
> > >
> > > I would like to set it up to transparently pass IPSec packets -- I have
> > > an IPSec VPN client running on another machine, connecting to a remote network.
> > >
> > > Is there a way to do this? I can't find any hints in the man pages.
> >
> > It's impossible. IPSEC can't be passed through a NAT.
> >
> > The best you could do would be to terminate the tunnel on the gateway itself.
>
> Ok, now I'm confused. The same client (Cisco VPN 3.5 on Windows) works
> through a LinkSys router / NAT gateway (a BEFSR81) at a different location.
> The LinkSys even has a friendly little check-box to allow IPSec pass-through.
>
> I would like the FreeBSD gateway to work the same way as the LinkSys.
Have you tried it? A Cisco VPN client worked fine for me the first
time I tried. Of course, we are using UDP encapsulation. And LinkSys
routers have actually been the only thing we've found that manage to
break the Cisco clients (the LinkSys "pass-through" was actually
breaking it). Funny.
--
Crist J. Clark                     | cjclark alum.mit.edu
                                   | cjclark jhu.edu
http://people.freebsd.org/~cjc/    | cjc freebsd.org
_______________________________________________
freebsd-security freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe freebsd.org"