On Thu, Sep 05, 2002 at 03:17:23PM -0400, Fletch wrote: > it work'? After patching up IP Filter to 3.4.28 on an existing 2.9 > install I've gotten IPSec through an OpenBSD NAT'ing firewall
http://cryptonomicon.org/~jolan/?sel=vpn_through_nat&sub=papers here's the quick answer: yes it will work, but you will probably end up having to use binat for 3.1. if you opt to go with 3.1-current or 3.2, the solution is much easier (check the -current manpage, the exact rule that you need is in there thanks to dhartmei committing my update :)) - jolan
