Re: NAT/pf before IPSEC

2005-12-28 Thread Christoph Leser
To: Christoph Leser Cc: misc@openbsd.org Subject: Re: NAT/pf before IPSEC On Wed, 21 Dec 2005, Christoph Leser wrote: Does this imply that I must not mention VPN-2 in the isakmpd.conf Connections statement? Thanks for your help. I tried with and without and didn't get it working either way. I think

Re: NAT/pf before IPSEC

2005-12-24 Thread Stephan Leemburg
Sorry for the late reply. Indeed 192.168.8.254 is the IP Address of the internal NIC. In fact I only have one NIC on my OpenBSD Server (it's a Mac Cube, so I cannot add another one). It's set up as the default router for the other systems (through DHCP). Below is the contents of my

Re: NAT/pf before IPSEC

2005-12-23 Thread Bob DeBolt
On Wednesday 21 December 2005 02:09, you wrote: now I need to nat my internal network to appear to be coming from 10.0.20.254 Is this to accommodate a service of some type or what? Add some more information as there is likely a bunch of ways to do something depending on the expected or

NAT/pf before IPSEC

2005-12-21 Thread Matthew Closson
Hello, I'm running into an issue which was brought up on the list before, the last reference I found was in 2004: http://archive.openbsd.nu/?ml=openbsd-pfa=2004-10m=430206 I have an OpenBSD 3.8 machine. dc0 is an internal NIC assigned 192.168.20.250 fxp0 is an external NIC assigned a.b.c.d

Re: NAT/pf before IPSEC

2005-12-21 Thread Nick Suckling
One easier way I have had this working is to add an additional section to your isakmpd.conf. Something like the following. Your NAT then takes care of the rest. [VPN-1] Phase= 2 ISAKMP-peer=remote Configuration=

Re: NAT/pf before IPSEC

2005-12-21 Thread Christoph Leser
Sent: Wednesday, 21 December 2005 12:52 To: misc@openbsd.org Subject: Re: NAT/pf before IPSEC One easier way I have had this working is to add an additional section to your isakmpd.conf. Something like the following. Your NAT then takes care of the rest. [VPN-1] Phase

Re: NAT/pf before IPSEC

2005-12-21 Thread Stephan Leemburg
I have been using IPSec a lot on OpenBSD and Mac OS X, but switched almost completely to OpenVPN. As far as I'm concerned OpenVPN is far less complex, works well with NAT (of course you can NAT-T with OpenBSD, but Mac OS for example doesn't support that), the design looks good, is based

Re: NAT/pf before IPSEC

2005-12-21 Thread Nick Suckling
change the negotiation between the two endpoints. Thanks -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Nick Suckling Sent: Wednesday, 21 December 2005 12:52 To: misc@openbsd.org Subject: Re: NAT/pf before IPSEC One easier

Re: NAT/pf before IPSEC

2005-12-21 Thread Christoph Leser
Subject: Re: NAT/pf before IPSEC No the other side does not need to know about this additional section if you are using NAT as described. Nick On Wed, 2005-12-21 at 14:06 +0100, Christoph Leser wrote: If you add this extra section to your isakmpd.conf, do you need to add

Re: NAT/pf before IPSEC

2005-12-21 Thread Matthew Closson
of salt. -Matt- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Nick Suckling Sent: Wednesday, 21 December 2005 15:32 To: misc@openbsd.org Subject: Re: NAT/pf before IPSEC No the other side does not need

Re: NAT/pf before IPSEC

2005-12-21 Thread Matthew Closson
On your question, this is what I have used form my IPSec tunnel's nat: Internal network 192.168.8.0/24 Remote network 192.168.1.0/24 vpnip=192.168.1.1 scrub in nat on enc0 from { gem0, gem0:network } - $vpnip Together with: # cat /etc/hostname.enc0 up !ipsecadm flow -out -require -proto esp