OK, I know I've seen this before but can't seem to find the link. I am
setting up a VPN using isakmpd, and for the regular net-to-net stuff it
works fine. I am trying to use an alias IP on each gateway and NAT to
the internal host. The isakmpd.conf would use phase one real-ip-1 and
use real-ip-2 (nat/binat) to the internal client.
Is this making sense? ..
I1 (172.30.1.2) -> GW1(10.0.1.1/24) -router - GW2(10.0.2.1/24)
I1------>NAT ----->10.0.1.2 x-router-x 10.0.2.2 NAT ->I2 (172.31.1.2)
pf.conf should? have
    binat on enc0 from 172.30.1.2 to any -> 10.0.1.2
and would also have /etc/hostname.xyz
    inet alias 10.0.1.2
and the same stuff on the other end. Packet capture shows it using
the external interface with no NAT to get out.
What am I doing wrong? A link, doc or whack upside the head is
accepted!
Thanks
Roy