Hi, I had a subnet 192.168.110.0 to subnet 10.11.12.0 IPSEC Tunnel running fine.
Now the owner of the remote end of the VPN tunnel asks if I can change the VPN config and do NAT to 172.3.4.0, because he has some trouble routing packets from my 192.168.110.0 network. I don't have any problem changing the VPN config to fit his needs, but is there a way to NAT at my incoming (LAN) interface, so that the packets get NATed (masqueraded) before they enter the tunnel?

I can successfully ping my destination from a host I located within the 172.3.4.0 network, because I assigned 172.3.4.1 as an alias for my LAN-if, which is also part of my 192.168.110.0 network, but accessing the destination from hosts which need to be NATed (from within my 192.168.110.0 network) fails.

I tried to NAT:

    nat pass on $int_if from 192.168.110.0/24 to 10.0.0.0/8 -> 172.3.4.1

pfctl -s nat gives:

    nat pass on xl0 inet from 172.3.4.0/28 to 10.11.12.0/24 -> 172.22.125.241
    nat pass on xl0 inet from 192.168.110.0/24 to 10.11.12.0/24 -> 172.22.125.241

Any ideas?

Kind regards,
Stefan