Hello,

I need to connect two networks, e.g. 1.0.0.x (local) and 2.0.0.x (remote), using IPSec and OpenBSD 3.7 on the local side. However, the remote network is already connected to another 1.0.0.x network, so I need to translate local addresses. I have configured IPSec so that the remote thinks that my local network is 1.1.0.x without problems. However, I'm confused about how to configure network translation. binat seems to be the solution, but its documentation is rather short and even confusing (it mentions that binat implicitly creates state for connections, but in my case, I see no need for keeping state information). I tried the following

binat on enc0 from 1.0.0.0/24 to 2.0.0.0/24 -> 1.1.0.0/24

and it almost worked - ping packets arrived at the correct computer in the local network, but the replies never got back.

Thank you for any help or advice,

--
Bob Koutsky

