This is a discussion on Re: pf & isakmpd: NAT through encryption interface? within the lucky.openbsd.misc forums, part of the OpenBSD category.
> Hi, Roy:
>
> Roy Morris wrote:
> >
> > Yes it does work! I guess I better hold on to these two boxes I have. Seems
> > they are the only ones that do! lol
> >
> > I have
> > A. clients on each end behind a vpn/pf box
> > B. enc0 binat from internal client to public IP of other side client
> > C. /etc/hostname.if alias for the binat IP
> > D. isakmpd.conf uses public IP (A) for phase 1, and (B internal client nat) for
> > phase 2
>
> I've had a closer look at this...
>
> In my case, the other peer expects a private IP on my internal network.
> Your directions involve an alias. Do I need this alias?
>
> Can I not just nat on the encryption interface like so?
>
> nat on $enc_if from $internal_ip to $remote_internal_ip -> $private_nat_address?
>
> This is really confusing me.
>
> -Stephen-

Have you actually tried it?

nat on enc0 from $ip_to_be_changed to $peer_net -> $nat_ip