Hi folks; I have a fairly complex configuration here with IPSEC on a gateway machine, which is working fine. However, I also wish to pass through *client* IPSEC setup requests (which happen to be coming from cellphones that want to use WiFi calling) as well, and have run into a problem.
T-Mobile's WiFi calling appears to set up an IPSEC tunnel back to the company when turned on. The issue I'm running into is that while this is *supposed* to work with a device behind a NAT router (and does in other locations around the area) my FreeBSD gateway (which also happens to run the IPSEC gateway) always appears to pass the *internal* address (!) for the phone outbound, and refuses to put the setup packets through NAT.

If I shut down IPSEC on the gateway machine and remove all of its ipfw rules it still doesn't work; I get authentication errors returned (when looking at the data stream with tcpdump to and from the phone device) which implies that the packets sent to the host are being tampered with -- along with some untranslated transmissions as well.

Does anyone have a sample configuration that works with T-Mobile's WiFi calling and FreeBSD's internal kernel NAT solution? That might be enough for me to figure out what's going on...

FreeBSD 11.0-STABLE #13 r307318M: if the rev matters....

Thanks in advance!

--
Karl Denninger
[email protected]
/The Market Ticker/
/[S/MIME encrypted email preferred]/
