[strongSwan] FreeBSD 5.5.1/5.5.2 question

Karl Denninger karl at denninger.net
Sat May 6 20:33:17 CEST 2017


I've had Strongswan working without incident on a host that is direct
internet-facing for quite some time.

Now I wish to run it on a host that is NOT direct internet-facing - that
is, the configuration looks like this:


Internet-------Firewall---------------DMZ Host

I can easily (and successfully) "hole punch" through the firewall for
ports 500 and 4500, so it comes up.  HOWEVER, FreeBSD apparently does
not support the "farp" plugin (it won't compile on 5.5.1) and as a
result there's a problem because once I get the private address from the
DMZ host the network doesn't know how to find it.  It continually
beacons for an ARP response and not getting one, nothing works.

Is there an answer for this in the FreeBSD world under StrongSwan?

-- 
Karl Denninger
karl at denninger.net <mailto:karl at denninger.net>
/The Market Ticker/
/[S/MIME encrypted email preferred]/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170506/719afbe4/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2993 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170506/719afbe4/attachment.bin>


More information about the Users mailing list