On Wed, 29 Sep 2004 10:37:13 +0200, Peer Dicken <peer at dicken dot name> wrote:
> On 28.09.2004 at 16:14, Peer Dicken wrote:
>> My client's LAN is 172.16.48.0/24. We need to establish a tunnel to
>> another network with 172.16.0.0/16.
>> I know this is - ahh - difficult. I want to get around it and created
>> a VLAN interface 192.168.233.254/24 which is used as the local
>> subnet in the IPsec definition.
> I thought I could do this with outbound NAT, but it does not work. Does
> really nobody have a hint for this problem? I want to NAT our LAN,
> using the 192.168.233 network. The other LAN has a route to
> 192.168.233.254, which is the VLAN interface.
FreeBSD _may_ be able to do this (not sure), but I'd say it's unlikely
you'll get m0n0 to do this with just 2 boxes.
However - it might be possible to make this work with 3 boxes, using
a dedicated m0n0 just to do 1:1 NAT..
172.16.48.0/24 <-> 1:1 NAT m0n0 <-> 192.168.233.0/24 <-> VPN m0n0 <->
I'm not sure if m0n0 will intercept DNS lookups for its 1:1 NAT like some
of the expensive firewalls.. If it doesn't you could have a lot of