Re: racoon, IKEv1 and multiple ipsec clients behind NAT

[Mouse <mouse%Rodents-Montreal.ORG@localhost>]

> From what I just read in the manpage, it *should* work like this

>  - create a bridge with "ifconfig create bridge0" (?)
>  - create a tap interface with "ifconfig create tap0"
>  - bridge them together with "brconfig"
>     brconfig bridge0 add tap0
>     brconfig bridge0 add ethernet0 << whatever the device is

I have sometimes needed to add "brconfig bridge0 up" and/or "ifconfig
bridge0 up" to that list.  I haven't investigated in enough detail to
figure out exactly when I've needed that.

>  - put the LAN IP config on "bridge0"

No.  Putting configuration on the bridge itself is a Linuxism.  Put
your local IP configuration on tap0 or ethernet0 or whatever, one of
bridge's member interfaces.

I've never tried OpenVPN myself, so I can't speak to that part, but I
have done the above with my own software moving the packets between the
tap interfaces and had it work fine.

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B