Subject: Re: VPN, I guess
To: NetBSD Users <netbsd-users@netbsd.org>
From: Mike Parson <mparson@bl.org>
List: netbsd-users
Date: 11/16/2001 11:40:21

On Fri, Nov 16, 2001 at 11:10:12AM -0500, Rob Gridley wrote:

<snip>

>> The 'better' free (as in beer) solutions would be Free S/WAN
>> (www.freeswan.org) for Linux or KAME (www.kame.net) for BSDs.
>
> There is an extra complication I forgot to mention. The clients are Mac OS
> 9. The only VPN Client I can find for Mac OS is PGP Corporate Desktop which
> actually appears to be quite good. It only works with IPSec based VPNs
> though.
>
> I have successfully set up NetBSD IPSec (KAME) in transport mode and
> connected a Mac OS 9 client to it using the PGP Corporate Desktop software.
> That was just a test to make sure that the client software worked.
>
> My question is, is it possible to use these together to solve my problem? It
> would be very easy if IPSec played nice with IPNAT. I could just use
> redirects to connect to specific services inside my network.

Your IPSec tunnel is just the connection stuff, you're going to need
some routing in there too.  Your NetBSD/KAME box is going to have to
know how to pass packets between your internal net and the IPSec clients.

Basically, you should have:

Home PC (Mac OS/9 system) connected to the net somehow, probably via a
broadband connection of some sort.  This system will either have a
public/internet routable IP, or its router will.

NetBSD system at work running KAME, also sitting on a public IP, or has
the proper ports being forwarded to it via the NAT router.

Each end of the IPSec tunnel should have an IP from 1918 space and the
server end of the tunnel needs to know how to route the internal traffic
back and forth through the tunnel.

-- 
Michael Parson
mparson@bl.org
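
The layout described in the message above, written as a setkey(8) policy file for the NetBSD/KAME end. This is an added example and not part of the original thread; every address in it is a constructed placeholder, and it assumes the keys are negotiated by an IKE daemon such as racoon rather than set by hand.

```conf
# Policy file for the NetBSD/KAME gateway, loaded with: setkey -f <file>
#
# Constructed placeholder addresses (assumptions, not from the thread):
#   203.0.113.10     gateway's public address
#   198.51.100.20    Mac client's public address
#   192.168.1.0/24   office LAN behind the gateway (RFC 1918)
#   10.9.9.2         client's inner tunnel address (RFC 1918)

flush;      # clear any existing security associations
spdflush;   # clear any existing security policies

# Transport mode, as in the earlier test: covers only traffic between
# the two hosts themselves, so it cannot carry packets for the office LAN.
# spdadd 203.0.113.10 198.51.100.20 any -P out ipsec esp/transport//require;
# spdadd 198.51.100.20 203.0.113.10 any -P in  ipsec esp/transport//require;

# Tunnel mode: the selectors are the inner RFC 1918 addresses, and the
# tunnel endpoints are the two public addresses.
spdadd 192.168.1.0/24 10.9.9.2/32 any -P out ipsec
    esp/tunnel/203.0.113.10-198.51.100.20/require;
spdadd 10.9.9.2/32 192.168.1.0/24 any -P in ipsec
    esp/tunnel/198.51.100.20-203.0.113.10/require;

# The gateway also has to forward IPv4 between its interfaces for the
# office LAN to be reachable: sysctl net.inet.ip.forwarding=1
```

With `require` on both policies, traffic between the client's inner address and the office LAN is dropped when no matching security association exists, instead of being sent in the clear.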