VPN + NAT

Hi,

I have the following scenario:

Code:
Server1 ----- VPN Router -----(vpn)----- FreeBSD Box1 ------ Server2
                        |-----(vpn)----- FreeBSD Box2 ------ Server3
The FreeBSD boxes run ipsec-tools and have three interfaces: em0 and gif0 on the VPN side and em1 on the other. The VPN router handles two VPN tunnels: one for FreeBSD Box1 and another for FreeBSD Box2.
It could happen that Server2 and Server3 have the same IP address, so I think that on FreeBSD Box1 the destination address has to be changed in the incoming packets destined for Server2, and the source address in the reply packets. As far as I know, NAT might help.
I started to try it with PF.
man pf.conf says:
- nat: Translate outgoing packets' source addresses (any protocol).
- rdr: Translate incoming packets' destination addresses

According to this, I have to use NAT on em0 or gif0, but it does not work: on em0 the traffic is encapsulated, and the gif interface is inappropriate for NAT.

Any ideas?

BR
zgabe
 
clarification:
Code:
Server1 ---internet---(em0)---Freebsd Box1---(em1)---Server2
                 |----(em0)---Freebsd Box2---(em1)---Server2
And you want Server1, Server2 and Server3 to be in one network with the aid of a VPN service?
 
Server1 tries to communicate with Server2 and Server3, which are in different LANs. These LANs are behind the FreeBSD boxes, as I showed in the original post. I cannot change the architecture; I need a solution for this scenario.
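
One way to set this up, as an added example that is not from the original post or the reply above: a pf.conf for FreeBSD Box1 that gives Server2 an alias address which Server1 uses to reach it, via PF's bidirectional binat rule on gif0. It assumes that the decrypted tunnel traffic appears on gif0 (the ESP traffic on em0 cannot be translated, since its inner addresses are encrypted) and that gif0 is the interface the inner packets enter and leave on. Every address, network and macro name in it is made up for illustration. Box2 would use the same rules with a different alias for Server3, so Server1 sees two distinct addresses even though both LAN hosts carry the same real one.

```pf
# Added example (not from the thread): /etc/pf.conf on FreeBSD Box1.
# All addresses below are assumed for illustration.
#   gif0          carries the decrypted tunnel traffic to/from the VPN router
#   em1           faces the LAN where Server2 lives
#   192.168.1.10  real address of Server2 (the same address Server3 has behind Box2)
#   10.1.2.10     alias under which Server1 reaches Server2 (Box2 would use e.g. 10.1.3.10)
#   10.0.0.0/24   Server1's network on the far side of the VPN
#   203.0.113.1   outer address of the VPN router, peer of the IPsec tunnel on em0
ext_if        = "gif0"
int_if        = "em1"
server2_real  = "192.168.1.10"
server2_alias = "10.1.2.10"
server1_net   = "10.0.0.0/24"
vpn_router    = "203.0.113.1"

set skip on lo0

# 1:1 bidirectional mapping. Packets arriving on gif0 for the alias get their
# destination rewritten to Server2's real address; Server2's replies leaving via
# gif0 get their source rewritten back to the alias. On FreeBSD's pf the
# translation happens before filtering, so the pass rules below see the real address.
binat on $ext_if from $server2_real to any -> $server2_alias

block log all

# Outer tunnel on em0: IKE (udp/500) and ESP with the VPN router only.
pass in  on em0 proto udp from $vpn_router to (em0) port 500 keep state
pass out on em0 proto udp from (em0) to $vpn_router port 500 keep state
pass in  on em0 proto esp from $vpn_router to (em0) keep state
pass out on em0 proto esp from (em0) to $vpn_router keep state

# Inner traffic: Server1's network may reach Server2 through the tunnel;
# the stateful entry lets the replies flow back out via gif0.
pass in  on $ext_if from $server1_net to $server2_real keep state
pass out on $int_if from $server1_net to $server2_real keep state
```

Load it with `pfctl -nf /etc/pf.conf` first to check the syntax, then `pfctl -f /etc/pf.conf`; `pfctl -ss` afterwards shows the translated state entries (alias on the gif0 side, real address on the em1 side) once Server1 talks to 10.1.2.10.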
 