
Re: Masquerading IPSec connections on FreeBSD?




On Wed, 2002-09-11 at 10:18, Brian Candler wrote:
> I just came across this in the IPF FAQ:
> 
>    29. How do you use the IPSec Proxy?
>    
>      Unfortunately, I've never used it myself. At this point the best I
>      can do is give you the syntax:
>      map ext-interface int-address/24 -> ext-address/32 proxy port 500 ipsec/udp
> 
> So it looks like there is a specific proxy for IPSEC connections being nat'd
> through the firewall after all.
> 
> The source is here:
> /usr/src/sys/contrib/ipfilter/netinet/ip_ipsec_pxy.c 
> 
> It looks like it doesn't use the SPI, which I think means you can't NAT two
> clients talking to the same tunnel endpoint (but that may be a restriction
> of IPSEC anyway). But what it does do is ensure that the UDP ISAKMP exchange
> opens up the ESP path. It's probably worth trying anyway.

Thanks, I also came across it but did not know where to find the source.
I guess I will just compile it right now and see.

Patrick.
> 
> Cheers,
> 
> Brian.
> 
-- 
Patrick J Okui
Systems Administrator
One2Net (U) Ltd
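
Added illustration (not part of either poster's message, and not code taken from ip_ipsec_pxy.c): a toy model of the NAT state that the ISAKMP exchange would open for ESP, showing why a table that ignores the SPI cannot serve two inside clients of the same tunnel endpoint. The table layout, function names and addresses are assumptions made for the sketch, and the inbound SPI is simply handed to the model; how a real NAT would learn it is outside the sketch.

```c
/* Toy model of NAT state for ESP; not the logic of ip_ipsec_pxy.c. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_MAP 8
struct esp_map { uint32_t remote, inside, spi_in; int used; };
static struct esp_map table[MAX_MAP];

/* Constructed sample: first 8 bytes of an ESP header (SPI 0x2002, sequence 1). */
static const uint8_t sample_esp[8] = { 0x00, 0x00, 0x20, 0x02, 0, 0, 0, 1 };

/* ESP has no ports; its header starts with a 32-bit SPI in network byte order. */
static uint32_t esp_spi(const uint8_t *esp) {
    return ((uint32_t)esp[0] << 24) | ((uint32_t)esp[1] << 16) |
           ((uint32_t)esp[2] << 8) | esp[3];
}

void esp_reset(void) { memset(table, 0, sizeof table); }

/* Record state after an inside host's ISAKMP (UDP/500) exchange with 'remote'.
 * use_spi=0 keys on the remote address only, so a second inside host using the
 * same remote is refused (-1): its inbound ESP could not be told apart. */
int esp_open(uint32_t inside, uint32_t remote, uint32_t spi_in, int use_spi) {
    int free_slot = -1;
    for (int i = 0; i < MAX_MAP; i++) {
        if (!table[i].used) { if (free_slot < 0) free_slot = i; continue; }
        if (table[i].remote != remote) continue;
        if (!use_spi || table[i].spi_in == spi_in)
            return table[i].inside == inside ? 0 : -1;
    }
    if (free_slot < 0) return -1;
    table[free_slot] = (struct esp_map){ remote, inside, spi_in, 1 };
    return 0;
}

/* Inbound ESP from 'remote': inside address to rewrite to, or 0 to drop. */
uint32_t esp_inbound(uint32_t remote, const uint8_t *esp, int use_spi) {
    for (int i = 0; i < MAX_MAP; i++)
        if (table[i].used && table[i].remote == remote &&
            (!use_spi || table[i].spi_in == esp_spi(esp)))
            return table[i].inside;
    return 0;
}

int main(void) { /* constructed addresses: 10.0.0.2, 10.0.0.3, 192.0.2.7 */
    esp_open(0x0A000002, 0xC0000207, 0x1001, 0);
    int second = esp_open(0x0A000003, 0xC0000207, 0x2002, 0);
    printf("address-only table, second client: %d\n", second);
    return 0;
}
```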


-----
This is the afnog mailing list, managed by Majordomo 1.94.5

To send a message to this list, e-mail afnog at afnog.org
To send a request to majordomo, e-mail majordomo at afnog.org and put
your request in the body of the message (i.e use "help" for help)

This list is maintained by owner-afnog at afnog.org