openvpn and system overhead
Eugene Grosbein
eugen at grosbein.net
Tue Apr 23 21:39:26 UTC 2019
Moving to net@
24.04.2019 1:06, Wojciech Puchar wrote:
>>> can IPSEC VPN work over nat? even freebsd-freebsd case.
>>>
>>> I cannot find any tutorial how to do this.
>>
>> FreeBSD 11.1 and later supports IPSec NAT Traversal out-of-the-box.
>>
>>
>>
> so do you have an URL for guide how to do this. i have no real knowlege of this and would like to test it, first in my home router.
>
> my server have of course static public IP, but clients may have anything
You just run an IKE daemon of choice (ipsec-tools/racoon, strongswan etc.)
And optionally run mpd5 daemon if you need to support IPSec/L2TP clients too.
GENERIC kernel and standard daemon configuration is enough, no secrect knowledge.
Just don't forget to enable NAT-T while configuring IKE daemon.
More information about the freebsd-net
mailing list