NAT-before-ipsec using if_ipsec
Andrey V. Elsukov
bu7cher at yandex.ru
Thu Aug 24 10:40:03 UTC 2017
On 24.08.2017 12:38, Jimmy Olgeni wrote:
>
> Hi,
>
> I came up with a working setup of if_ipsec, and was wondering if now
> it would be possible to perform NAT before ipsec using the resulting
> 'ipsec0' interface.
>
> The native PF solution seemed to be this:
>
> nat on ipsec0 from 172.30.1.1/28 to any -> 172.30.1.1
>
> But while it works on external interfaces, it does nothing for ipsec.
Can you describe your configuration, it is not clear to me, how you
expect it should work?
--
WBR, Andrey V. Elsukov
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 553 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-net/attachments/20170824/d6b6a136/attachment.sig>
More information about the freebsd-net
mailing list