Re: IPSec-NAT setup using racoon2

2007-06-03 Thread Norberto Meijome
On Fri, 1 Jun 2007 18:20:01 +0530
SethuRaman Krishnasamy [EMAIL PROTECTED] wrote:

   I would like to know if IPSec-NATT setup can
 be made using racoon2 and the procedure for the same. I'm using
 racoon2 version racoon2-20061228a

AFAIK, you need IPSEC_NATT support in the kernel. Search the archives of this
list and -net@ for info on the patch for -STABLE (and -CURRENT, I think).

_
{Beto|Norberto|Numard} Meijome

Tell a person you're the Metatron and they stare at you blankly.
 Mention something out of a Charleton Heston movie and suddenly everyone's a
Theology scholar! Dogma

I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: IPSEC/NAT issues

2002-10-18 Thread Julien Bournelle
On Fri, Oct 18, 2002 at 04:54:33PM +0200, [EMAIL PROTECTED] wrote:
 I have often wondered about this..
 Surely there must be a way to do it.

Actually, I guess not, they're working on this problem at IETF. Maybe you
could look at this internet-draft:

draft-ietf-ipsec-nat-reqts-02.txt

Hope it helps,

[EMAIL PROTECTED]

 
 -D
 
  -Original Message-
  From: Thomas Spreng [mailto:spreng;insomniac.ch]
  Sent: Friday, October 18, 2002 11:09 AM
  To: Charles Henrich
  Cc: [EMAIL PROTECTED]
  Subject: Re: IPSEC/NAT issues
  
  
  On Thu, Oct 17, 2002 at 11:15:24AM -0700, Charles Henrich wrote:
   I have a network/firewall where I want to nat an entire network.  However, I
   also want nat traffic to one remote host in particular out on the internet to
   be IPsec'd as well.
   
   [A] (10.x) [B] (Nat) [C] (Real IP)
   
   I've setup IPsec on both machines, and from either machine (B,C) I can ssh to
   the other, with ipsec packets all happening happy as a clam.  However if I try a
   connection from behind the nat box to the remote host (A,C) the key exchange
   works fine (between BC), but then no data flows back and forth.  Anyone have
   any suggestions on this?  Thanks!
   
   -Crh
  hi charles,
  
  I'm not sure if I understand your problem right but just keep in mind that you
  cannot make a NAT between an IPSec connection. This is because the address
  translation rewrites the ip headers and the ipsec authentication header
  prevents the packet from being altered.
  
  greets

To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message
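
The point made in the quoted reply above (NAT rewrites the IP header, and the IPsec Authentication Header detects the change) can be reproduced with a few lines of Python. This is an added example, not code from the thread or from any IPsec implementation; it assumes a simplified transport-mode AH packet (IPv4 without options, HMAC-SHA1-96 as the integrity algorithm), and the key, addresses and payload are constructed sample values.

```python
import hashlib, hmac, socket, struct

KEY = b"constructed-demo-key"            # constructed sample key
A, B_PUBLIC, C = "10.0.0.5", "192.0.2.1", "198.51.100.7"  # constructed addresses

def zero_mutable(ip_hdr):
    """Zero the IPv4 fields AH treats as mutable in transit."""
    h = bytearray(ip_hdr)
    h[1] = 0                    # DSCP/ECN (old TOS byte)
    h[6:8] = b"\x00\x00"        # flags and fragment offset
    h[8] = 0                    # TTL
    h[10:12] = b"\x00\x00"      # header checksum
    return bytes(h)

def ah_icv(key, ip_hdr, ah_fixed, payload):
    """HMAC-SHA1-96 over the zeroed IP header, AH with a zeroed ICV, and the payload."""
    data = zero_mutable(ip_hdr) + ah_fixed + b"\x00" * 12 + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:12]

def build(key, src, dst, payload, spi=0x1000, seq=1):
    """Transport-mode AH packet: IPv4 (proto 51) | AH | payload (next header 6 = TCP)."""
    ah_fixed = struct.pack("!BBHII", 6, 4, 0, spi, seq)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 44 + len(payload), 0, 0, 64, 51, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + ah_fixed + ah_icv(key, ip, ah_fixed, payload) + payload

def verify(key, pkt):
    """Receiver side: recompute the ICV and compare in constant time."""
    ip, ah_fixed, icv, payload = pkt[:20], pkt[20:32], pkt[32:44], pkt[44:]
    return hmac.compare_digest(icv, ah_icv(key, ip, ah_fixed, payload))

def forward(pkt, nat_src=None):
    """One hop: decrement TTL; a NAT hop also rewrites the source address."""
    p = bytearray(pkt)
    p[8] -= 1
    if nat_src:
        p[12:16] = socket.inet_aton(nat_src)
    return bytes(p)   # checksum update omitted: AH zeroes that field anyway

if __name__ == "__main__":
    pkt = build(KEY, A, C, b"constructed payload")
    print("plain router hop:", verify(KEY, forward(pkt)))             # True
    print("NAT hop at B:   ", verify(KEY, forward(pkt, B_PUBLIC)))    # False
```

The TTL change made by an ordinary router is excluded from the integrity check, so that packet still verifies; the source address is covered, so the packet translated at B is rejected by C.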