Subject: racoon (ipsec) and NAT
To: None <tech-net@netbsd.org>
From: Pierre Bourgin <pierre.bourgin@pcotech.fr>
List: tech-net
Date: 07/04/2002 13:26:48
Hello,

I am trying to establish an ESP tunnel between two NetBSD-1.5.2/i386 boxes,
192.168.112.2 and 10.0.0.1 (10.0.0.1 is supposed to be a public IP address):

192.168.112.2 --- NAT -----(internet)------ 10.0.0.1
(10.25.0.1)

My problem is that one of the boxes (192.168.112.2) is NATed to 10.25.0.1 (a
supposed public IP address).

So the ESP tunnel must be established between 192.168.112.2 and 10.0.0.1 in
the following way:

  - between  192.168.112.2 and 10.0.0.1 for host 192.168.112.2
  - between 10.0.0.1 and 10.25.0.1 for host 10.25.0.1

right?

So, since I want to use a pre-shared key in racoon (in the file
/etc/racoon/psk.txt), I use this:

   '10.0.0.1 test_esp'  in the 192.168.112.2:/etc/racoon/psk.txt file
   '10.25.0.1 test_esp' in the 10.0.0.1:/etc/racoon/psk.txt file

But this configuration does not work; racoon fails to negotiate phase 1 of
the negotiation correctly...

So:

- is it possible to establish an ESP tunnel with a NAT in between the two
  sides of the ESP tunnel?

- have I done something wrong in my configuration?

I looked on the net, but it's really difficult to find practical docs about the
IKE protocol or information on racoon for that configuration :(

Thanks for your help, ideas or clue(s)!

Regards,

Pierre Bourgin
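An added illustration (not racoon's code and not part of the original message) of the PSK selection the post's configuration relies on: in a main-mode phase 1 the responder must pick the pre-shared key by the packet's source address, because the peer's ID payload only arrives encrypted, and it then compares that ID against the address it saw. It assumes the NATed host sends its own address (192.168.112.2) as its identifier and that the responder verifies identifiers; the psk.txt contents are constructed from the lines quoted above.

```python
# Constructed copies of the two psk.txt files described in the post.
PSK_ON_PUBLIC_HOST = "10.25.0.1 test_esp\n"   # 10.0.0.1:/etc/racoon/psk.txt
PSK_ON_NATED_HOST = "10.0.0.1 test_esp\n"     # 192.168.112.2:/etc/racoon/psk.txt


def parse_psk(text):
    """Parse psk.txt: one 'identifier key' pair per line, '#' starts a comment."""
    keys = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ident, key = line.split(None, 1)
        keys[ident] = key.strip()
    return keys


def nat(src, inside="192.168.112.2", outside="10.25.0.1"):
    """Source NAT as in the post: the inside host leaves with the NAT's address."""
    return outside if src == inside else src


def phase1_check(psk_text, observed_src, peer_id, verify_identifier=True):
    """Responder's view of a main-mode pre-shared-key phase 1 (model, not racoon).

    1. The key is looked up by the source address of the IKE packet.
    2. After decryption the peer's ID payload is compared with that address
       (assumed behaviour when identifier verification is on).
    """
    keys = parse_psk(psk_text)
    if observed_src not in keys:
        return "no PSK for " + observed_src
    if verify_identifier and peer_id != observed_src:
        return "ID mismatch: %s (ID payload) vs %s (source)" % (peer_id, observed_src)
    return "ok"


if __name__ == "__main__":
    # 192.168.112.2 -> NAT -> 10.0.0.1: the key is found under 10.25.0.1, but the
    # ID payload still names the pre-NAT address, so the check fails.
    print(phase1_check(PSK_ON_PUBLIC_HOST, nat("192.168.112.2"), "192.168.112.2"))
    # Reverse direction is unaffected by the NAT.
    print(phase1_check(PSK_ON_NATED_HOST, "10.0.0.1", "10.0.0.1"))
```

Running it shows that both psk.txt lookups succeed with the post's files; what the model flags is the identifier comparison on the public side, which a practitioner would inspect next in the responder's logs.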