Subject: Re: Help with IPsec over NAT
To: None <netbsd-help@netbsd.org>
From: Richard M Kreuter <kreuter@progn.net>
List: netbsd-help
Date: 04/20/2005 14:23:18
"John R. Shannon" <john@johnrshannon.com> writes:

> Briefly, yes. I use IPSEC to connect home from hotels using NAT
> regularly on business trips. Often, I must go through more than one
> layer of NAT.

Thank you, that's encouraging.

>> (2) If so, how does one set up a tunnel between a box on some
>> private address space (e.g., 192.168.x.x), through the NAT device
>> to some address in the public IP space, without touching the NAT
>> box's routing?
>
> gif works well. If it's still there, FreeBSD has a HOWTO on setting
> this up.

I take it you mean this one:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html

I'm having trouble applying this HOWTO or gif(4)'s examples to my
case, since these docs only talk about running the tunnel setup
commands on routers, and there's an asymmetry when the laptop is
behind the NAT device, as the laptop doesn't have a public IP address.
My experimentation has mostly resulted in trashed routes on the laptop
or the home box.

Say the state of things looks like this:

+------------+
|   Laptop   |  192.168.0.100 (internal to somebody's network)
+------------+
      ^ |
      | v
+------------+  192.168.0.1 (internal)
|    NAT     |
+------------+  1.2.3.4 (public)
      ^ |
      | |
//===========\\
|| Internet  ||
\\===========//
      | |
      | v
+-------------+ 5.6.7.8 (public)
|  Home box   |
+-------------+ 192.168.1.1 (internal to my home network)

Can anybody tell me the commands (ifconfig and route invocations, I
believe) I'd have to run to establish a gif tunnel between the Laptop
and the Home box, both of which run NetBSD 2.0, in a case like this
one?

Thank you,
Richard
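As an added illustration (not part of this thread or any reply to it), the shell below emits the NetBSD gif(4) commands for each end of the topology drawn above, using the addresses from the diagram. The inner point-to-point addresses 10.9.9.1/10.9.9.2 are assumed, as is a NAT device that forwards IP protocol 4 (IPv4-in-IPv4), which is what gif encapsulates in and which not every NAT handles; it only prints the commands, so it can be checked before anything is run as root.

```shell
# Added example, not from the mailing-list thread. Generates the gif(4)
# setup for the laptop-behind-NAT topology. Outer addresses come from the
# diagram; the inner 10.9.9.x endpoint addresses are an assumption.
# Assumption: the NAT box passes IP protocol 4 (IPv4-in-IPv4) in both
# directions, since gif does not use TCP or UDP.

LAPTOP_PRIV=192.168.0.100   # laptop's own address on the hotel network
NAT_PUB=1.2.3.4             # what the home box sees as the laptop's source
HOME_PUB=5.6.7.8            # home box's public address
HOME_LAN=192.168.1.0/24     # network reachable through the home box
INNER_HOME=10.9.9.1         # assumed tunnel endpoint, home side
INNER_LAPTOP=10.9.9.2       # assumed tunnel endpoint, laptop side

# gif_cmds <outer-src> <outer-dst> <inner-local> <inner-remote> [remote-net]
# Prints the commands for one side. The asymmetry lives entirely in the
# outer addresses: the laptop names its private address as the tunnel
# source (the NAT rewrites it to 1.2.3.4 on the way out), while the home
# box names the NAT's public address as the tunnel destination, because
# that is the source it will see on incoming encapsulated packets.
gif_cmds() {
    printf 'ifconfig gif0 create\n'
    printf 'ifconfig gif0 tunnel %s %s\n' "$1" "$2"
    printf 'ifconfig gif0 inet %s %s\n' "$3" "$4"
    # Only the laptop needs a route to a whole network; the home box
    # reaches the laptop through the point-to-point host route that the
    # inet line above creates.
    if [ -n "${5:-}" ]; then
        printf 'route add -net %s %s\n' "$5" "$4"
    fi
}

laptop_cmds() {
    gif_cmds "$LAPTOP_PRIV" "$HOME_PUB" "$INNER_LAPTOP" "$INNER_HOME" "$HOME_LAN"
}

home_cmds() {
    gif_cmds "$HOME_PUB" "$NAT_PUB" "$INNER_HOME" "$INNER_LAPTOP"
}

# Usage: sh gif-nat.sh laptop   or   sh gif-nat.sh home
case "${1:-}" in
    laptop) laptop_cmds ;;
    home)   home_cmds ;;
esac
```

If the hotel hands the laptop a different address, only LAPTOP_PRIV changes on the laptop side; the home box's configuration stays the same as long as the NAT's public address does.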