* Thuban <thu...@yeuxdelibad.net> on [02-12-2018 19:16:09 +0100]:
> Hi,
> I need help to write a correct rule in pf.conf.
>
> I want:
>
>     A -----> B ------> web
>
> The appearing IP of A is the B's one on the web.
>
> I managed to configure iked on A and B using default pubkeys according
> to Stuart Henderson's advice.
>
> iked.conf on A:
>
>     ikev2 active ipcomp esp \
>         from 192.168.100.0/16 to 0.0.0.0/0 \
>         peer "xx.xx.xx.xx" \
>         srcid "m...@moria.lan" \
>         dstid "B-hostname.tld" \
>         tag IKED
>
> iked.conf on B:
>
>     ikev2 "warrior" passive esp \
>         from 0.0.0.0/0 to 0.0.0.0/0 \
>         local xx.xx.xx.xx peer any \
>         srcid "B-hostname.tld" \
>         tag IKED
>
> Auth works as expected:
>
>     # iked -vvd
>     ..
>     sa_state: VALID -> ESTABLISHED from xx.xx.xx.xx:4500 to 192.168.100.122:4500
>     policy 'policy1'
>     ..
>
> But I can't reach internet from A through B.
>
> Here is the pf.conf on B (at least a small part of it)
>
>     pass out on egress \
>         from any to any tagged IKED \
>         nat-to (egress)
>

I'm still stuck at the same point. Can someone give me an example of a working configuration natting to Internet?

Regards.