• View
• Edit
• History
• Print

Binat

init# cat /etc/hostname.vio0
inet 104.167.241.52 0xffffff00
init# cat /etc/hostname.lo1
up

init# cat /etc/httpd.conf
# $OpenBSD: httpd.conf,v 1.22 2020/11/04 10:34:18 denis Exp $

server "example.com" {
        listen on 10.0.5.68 port 80
        location "/.well-known/acme-challenge/*" {
                root "/acme"
                request strip 2
        }
}


resp# cat /etc/pf.conf

resp="104.167.241.51"
ext_if="vio0"
pass in on $ext_if proto udp to $resp port {isakmp, ipsec-nat-t} tag IKED
pass in on $ext_if proto esp to $resp tag IKED
pass on enc0 inet tagged ROADW
match from 10.0.5.68 binat-to $ext_if
match in quick on enc0 inet proto { tcp, udp } to port 53 rdr-to 127.0.0.1 port 53


resp# cat /etc/iked.conf
gateway = "104.167.241.51"
hostname = "resp.example.com"
pool = "10.0.5.0/24"
dns = "104.167.241.51"

ikev2 $hostname passive esp \
        from any to dynamic \
        local $gateway peer any \
        srcid $hostname \
        config address $pool \
        config name-server $dns \
        tag "ROADW"

resp# cat /etc/hostname.vio0
inet 104.167.241.51 0xffffff00


resp# cat /etc/hostname.vether0
inet 10.0.5.1 0xffffff00