PF NAT and IPSec (ESP) not working
Slawek Zak
slawek.zak at gmail.com
Mon May 12 13:14:22 UTC 2008
Hi,
I'm probably doing something wrong, and I can't seem to get NAT in PF
working with IPSec tunnel mode.
Here's the network diagram:
(172.16.0.0/16) internal network-- remote end of tunnel AA.AA.AA.AA
--- XX.XX.XX.XX re0 (Internet) ----- enc (IPSec) ---- ZZ.ZZ.ZZ.ZZ
gif1 --- tun0 --- YY.YY.YY.YY/24 OpenVPN clients
I want OpenVPN clients to be NAT'ed to ZZ.ZZ.ZZ.ZZ and then enter the
ipsec tunnel, be encrypted and land on the other side.
When I set up NAT using the following PF rule:
nat pass log on enc0 inet from YY.YY.YY.YY/24 to 172.16.0.0/16 -> ZZ.ZZ.ZZ.ZZ
the packets go out on gif1 but are not encrypted (no traffic on enc0).
Same for the following NAT rule:
nat pass log on enc0 inet from YY.YY.YY.YY/24 to 172.16.0.0/16 -> ZZ.ZZ.ZZ.ZZ
Help, please!
Thanks, /S