I'll start with basics here. The HOWTO at
<http://www.ipsec-howto.org/x299.html> is pretty obscure when it comes to
I have 3 machines. These have IP addresses A, B and C. C is NAT'd behind B
and has an RFC1918 address.
Machine A <--- Public Internet ---> Machine B <-- NAT --> Machine C
Hopefully, Machine C can be a gateway for the VPN on the network, even
though it's within the LAN, so let's say we want to use C/24. Machine B
is passive as far as the VPN is concerned, simply doing Masquerading SNAT.
What should my security policy spdadd stanzas look like on both ends of this
Lindsay Haisley | "Fighting against human | PGP public key
FMP Computer Services | creativity is like | available at
512-259-1190 | trying to eradicate | <http://pubkeys.fmp.com>
http://www.fmp.com | dandelions" |
| (Pamela Jones) |