Re: setting up vpn tunnel with nat - twisted
> I have two 192.168.1.0/24 networks physically separated. I need to
> get connectivity from one to the other and vice versa _without_
> That being said - I have an OpenBSD 3.6 machine with one public and
> one private interface on each end.
> I know I can set up the tunnel between the two. But because I can't
> bridge and route between the same network, my question is setting up
> NAT between them. Obviously the SRC and DST need to be rewritten on
> either side which means your typical NAT setup will not work. Can
> this be achieved with pf? If anyone can point me in the right
> direction I would appreciate it.

Hi,

This is possible, but very tricky. You can create a transport-mode IPSec
flow between the public IP of your 2 gateways, and then do "nat on enc0" and maybe "rdr
There is a chicken-and-egg problem between the routing table lookup and
Read (man ipsec) about "NAT and *enc#* interfaces".
You will have to set up a dummy flow from 192.168.1.0/24 to convince the
to ipsec-process your packet.
Plan a good week of trial-and-error to make that work.
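
The address rewriting the question describes (SRC and DST both translated, one on each side) can be modelled as a pair of 1:1 prefix mappings. This is an added example, not part of the original thread and not pf configuration; the site names A/B and the alias networks 10.0.1.0/24 and 10.0.2.0/24 are assumptions chosen for illustration.

```python
import ipaddress
from typing import NamedTuple

LAN = ipaddress.ip_network("192.168.1.0/24")         # real LAN at both sites (from the post)
ALIAS = {"A": ipaddress.ip_network("10.0.1.0/24"),   # assumed: how site B addresses site A
         "B": ipaddress.ip_network("10.0.2.0/24")}   # assumed: how site A addresses site B

class Packet(NamedTuple):
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address

def remap(addr, from_net, to_net):
    """1:1 translation: swap the network prefix, keep the host bits."""
    if addr not in from_net:
        raise ValueError(f"{addr} is not inside {from_net}")
    return to_net.network_address + (int(addr) - int(from_net.network_address))

def egress(site, pkt):
    """Gateway of the sending site: rewrite SRC from the real LAN to that site's alias."""
    return pkt._replace(src=remap(pkt.src, LAN, ALIAS[site]))

def ingress(site, pkt):
    """Gateway of the receiving site: rewrite DST from its alias back to the real LAN."""
    return pkt._replace(dst=remap(pkt.dst, ALIAS[site], LAN))

def ambiguous(pkt):
    """True if the packet still carries an address from the overlapping LAN."""
    return pkt.src in LAN or pkt.dst in LAN

def send(from_site, to_site, src_host, dst_alias):
    """Return (packet between the gateways, packet delivered on the far LAN)."""
    pkt = Packet(ipaddress.ip_address(src_host), ipaddress.ip_address(dst_alias))
    on_wire = egress(from_site, pkt)
    return on_wire, ingress(to_site, on_wire)

if __name__ == "__main__":
    # Host .10 at site A talks to host .20 at site B, then B replies.
    for args in [("A", "B", "192.168.1.10", "10.0.2.20"),
                 ("B", "A", "192.168.1.20", "10.0.1.10")]:
        wire, delivered = send(*args)
        print(f"{args[0]}->{args[1]} between gateways: {wire.src} -> {wire.dst}"
              f" | delivered: {delivered.src} -> {delivered.dst}")
```

Between the gateways neither address falls inside 192.168.1.0/24, so the two sites are distinguishable there even though their real LANs overlap.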