Subject: RE: ipsec/ipf interaction change on 1.5 branch
To: None <tech-net@netbsd.org>
From: Bruce Martin <brucem@cat.co.za>
List: tech-net
Date: 04/06/2001 09:24:28
Great - at the moment I'm running two OpenBSD routers for a VPN; when I
upgrade NetBSD I'll try and run two NetBSD routers. I'll let you know how it
goes!

-----Original Message-----
From: tech-net-owner@netbsd.org [mailto:tech-net-owner@netbsd.org] On
Behalf Of Jun-ichiro itojun Hagino
Sent: 06 April 2001 03:46
To: net-and-current:
Subject: ipsec/ipf interaction change on 1.5 branch


	ipsec/ipf interaction change was pulled up to 1.5 branch.
	(the change has been available in netbsd-current since Feb 2001)

	summary:
	- ipf will look at wire-format packet, not the decapsulated IPsec
	  packets.
	benefit:
	- you can run NAT for traffic from your private-address cloud to the
	  outside world, and run VPN for traffic between private-address clouds.
	  it was rather hard to do before.
	impact:
	- you may want to revisit ipf rules as well as ipsec rules, if you
	  are using them on the same box.

	for more details, visit the following URL.
	http://www.netbsd.org/Documentation/network/ipsec/#ipf-interaction

itojun