Hi,

I am trying to solve a problem where my laptop, using a Windows-based
IPSec client, cannot access the corporate VPN from home.  I have a cable
modem connection to my home LAN which uses FreeBSD as a router
(ipfw/natd.)   The VPN is via an IPSec ESP tunnel (transport not
allowed.)

The client sends the router a tunneled packet (ip header, esp
protocol) just fine.  Using "tcpdump -n", I noticed that my ESP packets
are not being translated.  All other packets are translated just fine
(including IKE exchanges; web access to my cable provider,
www.freebsd.org etc.)  The IP packets with a protocol of ESP still have
my private subnet (172.16.x.x) in the IP source address
field.

This router is an old 486 running FreeBSD 3.4-Release with Altq (altq
disabled).  I'm running ipfw using OPEN (i.e. I just want NAT translation
until I get this working, then I'll worry about real rules.)

I've also tried adding "allow esp from any to any" and "add divert natd
esp from any to any via ep0" just in case the keyword any in "from any
to any" doesn't apply to esp packets.  I still have the same problem.

Any ideas?  Is ipfw/natd meant to translate the IP address for IPSec/ESP
packets?  Do I need special rules to turn this on?

Thanks,
MikeC



