Eric Masson writes:
Hi Bjoern,
> Ok, I've never used ipfw so shot in the dark.
>
> If I had to nat 192.168.85.0/24 to 10.0.0.1 to access 192.168.201.0/24,
> I would have to setup the following :
>
> ipfw add divert natd all from 192.168.85.0/24 to 192.168.201.0/24 in
> natd -alias_address 10.0.0
"Bjoern A. Zeeb" writes:
Hi Bjoern,
> What I said before and will repeat is that if you want to use NAT and
> VPN you want to do inside NAT (addmittingly handling the local machine
> is a different story). I have done that years ago with ipfw. Then your
> SA works on the NAT IP. I used it to avo
On Tue, 20 Oct 2009, Eric Masson wrote:
Good evening,
vanhu writes:
'Lut Yvan,
Another way to have this feature is to implement what we call "NAT
before VPN": you can configure your kernel (or do it for specific NAT
rules if you want to do a more flexible implementation) to do NAT
process b
vanhu writes:
'Lut Yvan,
> Another way to have this feature is to implement what we call "NAT
> before VPN": you can configure your kernel (or do it for specific NAT
> rules if you want to do a more flexible implementation) to do NAT
> process before doing IPsec stuff.
I've used it last week on
>
> OpenBSD's way of doing things seems interesting while reading very
> quickly your link, I'll have to take some more time to really see
> exactly what they are doing.
>
>
Basically they make aware the daemon and the firewall of the nat.
Actually it is more 'user-friendly' to configure thoug
Hi all.
On Mon, Oct 19, 2009 at 05:32:14PM +0200, Eric Masson wrote:
[]
> I know ;) I'll bug them regarding ${suject} as well (some ipsec-tools
> devs lurk there too)
Do you think so ? :-D
> I'm not sure that pf & ipsec stack already support this feature. Maybe
> bz@ or vanhu@ will shed a
On Mon, Oct 19, 2009 at 5:32 PM, Eric Masson wrote:
> Ermal Luçi writes:
>
> Hello Ermal,
>
>> I think you should send this email to ipsec-tool mailing list!
>> Basically the daemon should be modified for this and FreeBSD
>> is not the owner of such code.
>
> I know ;) I'll bug them regarding ${s
Ermal Luçi writes:
Hello Ermal,
> I think you should send this email to ipsec-tool mailing list!
> Basically the daemon should be modified for this and FreeBSD
> is not the owner of such code.
I know ;) I'll bug them regarding ${suject} as well (some ipsec-tools
devs lurk there too)
I'm not su
On Mon, Oct 19, 2009 at 9:18 AM, Eric Masson wrote:
> Hello,
>
> OpenBSD has support for this kind of setup since last January :
> http://undeadly.org/cgi?action=article&sid=20090127205841
> The commit :
> http://marc.info/?l=openbsd-cvs&m=123246256228242&w=2
>
> >From what I've understood, pf, de
