At 12:16 9-4-2002 +0200, Dennis Pedersen wrote: >But uhm is there a 'simple' way of doing this? (as in just adding the IP of >the other ends gif interface as destinatio in my routes? >The setup today i an exact copy of (other IP's of course) >www.freebsddiary.org/ipsec-tunnel.php >This works just fine besides til problem with my routes, arcording to the >draft IPIP is the solution. My Question is now how do i set up with an IPIP >tunnel? >On http://rr.sans.org/firewall/IPSec_VPN.php there is an example, from my >point of view it looks kind of complicated. Can it be made any simpler? >If this is the way to do it, can i run mutible natd on both my external >interface and the virtual gif interface (the howto creates the gif tunnel >and diverts all trafic into this tunnel with natd on both ends) and how? >(because i can't really se how the ipfw add divert natd can tell the >difference between te 2 sessions of natd)
That 2nd example is actually quite straightforward. It's just rather extensive. And yes you can use 2 nat daemons. The 'natd' in the ipfw divert rule is just a port number. You can start a second nat on a different divert port, and use that other portnumber in the ipfw divert rule. Good luck, Doc To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message