IPSec + NAT
Michael DeMan
michael at staff.openaccess.org
Mon Apr 7 14:29:54 PDT 2003
Hi All,
We need a solution for VPN + NAT for wireless clients.
We use ipfilter/ipnat for all our boxes but have been forced
I am concerned about the long term management/maintenance issues with some
boxes running NATD and others IPNAT, including having staff need to know how
to support and debug different configurations and such.
Does anybody know of a way to utilize IPSec and IPNAT together? We assign
each box two IP addresses, one for the tunnel end point and the other for
the tunnel
I noticed in the kernel code that I could swap where IPSec and IPFilter do
their processing and have IPFilter do its work after IPSec inbound, and
before IPSec outbound. I'm not too thrilled with that either since we'd
have to fork from the BSD tree and upgrades would start getting tricky.
- Mike
Michael F. DeMan
Director of Technology
OpenAccess Internet Services
1305 11th St., 3rd Floor
Bellingham, WA 98225
Tel 360-647-0785 x204
Fax 360-738-9785
michael at staff.openaccess.org
More information about the freebsd-net
mailing list