Hi,

I've checked that and got it working.

Here is part of my working configs:

--- ipsec.conf ---
ike esp from 172.16.95.1 (192.168.0.0/24) to ZZZ.ZZZ.ZZZ.ZZZ \
        local XXX.XXX.XXX.XXX peer YYY.YYY.YYY.YYY \
        main auth hmac-sha1 enc 3des group modp1024 \
        quick auth hmac-sha1 enc 3des group modp1024 \
        psk "secretpassphrasewasthere"

--- pf.conf ---
# VPN
pass in log on enc0 proto ipencap from zzz.zzz.zzz.zzz to 172.16.95.1
pass out log on enc0 proto ipencap from 172.16.95.1 to zzz.zzz.zzz.zzz

pass out log on enc0 from 192.168.0.0/24 to zzz.zzz.zzz.zzz nat-to 172.16.95.1




On Mon, Oct 11, 2010 at 11:11 AM, Stuart Henderson <s...@spacehopper.org> wrote:
> On 2010/10/09 03:38, Evgeniy Sudyr wrote:
>> I need to allow access from my private network to another private
>> network through IPSEC. So I need only one-way access from my net to
>> another via NAT on the lo1 interface.
>> I've read this post and found it's great, so I tried to get the same NAT
>> config with PF, but it does not work as expected.
>>
>> Can I ask you guys to share your experience on this configuration?
>>
>> http://www.mail-archive.com/pf@benzedrine.cx/msg07969.html
>>
>>
>> Btw, here are my configs: http://pastebin.ca/1957804
>> --
>> --
>> With regards,
>> Eugene Sudyr
>
> Using lo1 for this is an old hack, there is proper support now,
> see "OUTGOING NETWORK ADDRESS TRANSLATION" in ipsec.conf(5).
>
>
>



-- 
--
With regards,
Eugene Sudyr
