Hi, I need help to write a correct rule in pf.conf. I want:

    A -----> B ------> web

The apparent IP of A on the web is B's.

I managed to configure iked on A and B using default pubkeys, according to Stuart Henderson's advice.

iked.conf on A:

    ikev2 active ipcomp esp \
        from 192.168.100.0/16 to 0.0.0.0/0 \
        peer "xx.xx.xx.xx" \
        srcid "m...@moria.lan" \
        dstid "B-hostname.tld" \
        tag IKED

iked.conf on B:

    ikev2 "warrior" passive esp \
        from 0.0.0.0/0 to 0.0.0.0/0 \
        local xx.xx.xx.xx peer any \
        srcid "B-hostname.tld" \
        tag IKED

Auth works as expected:

    # iked -vvd
    ...
    sa_state: VALID -> ESTABLISHED from xx.xx.xx.xx:4500 to 192.168.100.122:4500 policy 'policy1'
    ...

But I can't reach the internet from A through B.

Here is the pf.conf on B (at least a small part of it):

    pass out on egress \
        from any to any tagged IKED \
        nat-to (egress)

I guess the issue is in my pf.conf. What do you think? Any advice?

Regards.

--
thuban