[strongSwan] FreeBSD 5.5.1/5.5.2 question

Sat May 6 20:48:05 CEST 2017

That makes sense and is easy - thanks.

On 5/6/2017 13:38, Noel Kuntze wrote:
> Use a seperate subnet that is routed over the host strongSwan is running on or enable proxy arp and setup proxy arp in the updown script.
>
> On 06.05.2017 20:33, Karl Denninger wrote:
>> I've had Strongswan working without incident on a host that is direct internet-facing for quite some time.
>>
>> Now I wish to run it on a host that is NOT direct internet-facing - that is, the configuration looks like this:
>>
>>
>> Internet-------Firewall---------------DMZ Host
>>
>> I can easily (and successfully) "hole punch" through the firewall for ports 500 and 4500, so it comes up.  HOWEVER, FreeBSD apparently does not support the "farp" plugin (it won't compile on 5.5.1) and as a result there's a problem because once I get the private address from the DMZ host the network doesn't know how to find it.  It continually beacons for an ARP response and not getting one, nothing works.
>>
>> Is there an answer for this in the FreeBSD world under StrongSwan?
>>
>> -- 
>> Karl Denninger
>> karl at denninger.net <mailto:karl at denninger.net>
>> /The Market Ticker/
>> /[S/MIME encrypted email preferred]/
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/users

-- 
Karl Denninger
karl at denninger.net <mailto:karl at denninger.net>
/The Market Ticker/
/[S/MIME encrypted email preferred]/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170506/efa34bb8/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2993 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170506/efa34bb8/attachment.bin>