Hi, I've checked that and got it working.
Here is part of my working configs:

--- ipsec.conf ---
ike esp from 172.16.95.1 (192.168.0.0/24) to ZZZ.ZZZ.ZZZ.ZZZ local XXX.XXX.XXX.XXX peer YYY.YYY.YYY.YYY \
	main auth hmac-sha1 enc 3des group modp1024 \
	quick auth hmac-sha1 enc 3des group modp1024 \
	psk "secretpassphrasewasthere"

--- pf.conf ---
# VPN
pass in log on enc0 proto ipencap from zzz.zzz.zzz.zzz to 172.16.95.1
pass out log on enc0 proto ipencap from 172.16.95.1 to zzz.zzz.zzz.zzz
pass out log on enc0 from 192.168.0.0/24 to zzz.zzz.zzz.zzz nat-to 172.16.95.1

On Mon, Oct 11, 2010 at 11:11 AM, Stuart Henderson <s...@spacehopper.org> wrote:
> On 2010/10/09 03:38, Evgeniy Sudyr wrote:
>> I need to allow access from my private network to another private
>> network through IPSEC. So I need only one-way access from my net to
>> another via NAT on the lo1 interface.
>> I've read this post and found it's great, so I tried to get the same NAT
>> config with PF, but it does not work as expected.
>>
>> Can I ask you guys to share your experience on this configuration?
>>
>> http://www.mail-archive.com/pf@benzedrine.cx/msg07969.html
>>
>>
>> Btw, here are my configs: http://pastebin.ca/1957804
>> --
>> --
>> With regards,
>> Eugene Sudyr
>
> Using lo1 for this is an old hack, there is proper support now,
> see "OUTGOING NETWORK ADDRESS TRANSLATION" in ipsec.conf(5).
>
>

--
--
With regards,
Eugene Sudyr