Problems with NAT on gif interface for VPN

Jeremie Le Hen jeremie at le-hen.org
Fri Oct 29 07:14:09 PDT 2004


> Rather than a "problem" with ipfw however, I think I've got a
> fundamental problem with how to do this. If I understand correctly, in
> order for natd to "reverse" a divert rule (translate the destination
> IP back to the original IP on return traffic) the packet has to come
> through the same interface it was originally seen by natd on - is this
> correct?
> 
> For whatever reason I still seem to be unable to use gif0 for this
> purpose, which seems to be the closest thing to an "ipsec interface"
> available (I'm beginning to think it's nowhere near as useful as enc0
> on OpenBSD). Thus, I'm stuck translating packets when they either
> enter the LAN interface or leave the WAN, the former seems the best
> option.

IIRC, I read somewhere this is precisely the reason why enc(4) was
written.

-- 
Jeremie Le Hen
jeremie at le-hen.org