Date: Tue, 22 Jun 2010 20:41:07 +0200 From: Maciej Suszko <maciej@suszko.eu> To: <freebsd-net@freebsd.org> Subject: Re: vpn trouble Message-ID: <20100622204107.6c604c17@gda-arsenic> In-Reply-To: <20100622182242.GU2620@verio.net> References: <87260c422232fa7409a4b374341dd106@ewipo.pl> <20100622143543.GA72020@zeninc.net> <c5781e9db1e6339b5b23c0c403c68d9a@ewipo.pl> <20100622153541.GA72211@zeninc.net> <6caa9895ae1710b9f48a227116a4340c@ewipo.pl> <20100622190819.270aaa74@gda-arsenic> <4f378cfb416582c3081377ba714e508a@ewipo.pl> <20100622201130.5824d585@gda-arsenic> <20100622182242.GU2620@verio.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--Sig_/5C5DXajOX0hCikxqryYx.Zy Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable "David DeSimone" <fox@verio.net> wrote: > Maciej Suszko <maciej@suszko.eu> wrote: > > > > > So as you write they should set: ?? > > > 10.20.0.1 (my ip on gif device) <-> 78.x <-> 95.x <-> 10.10.1.90 > > > (other side) > >=20 > > Yes, indeed. > >=20 > > > And additionaly I thing I should correct set spd policy to: > > >=20 > > > spdadd 10.20.0.1 10.10.1.90 any -P out ipsec > > > esp/tunnel/78.x.x.x-95.x.x.x/require; > > > spdadd 10.10.1.90 10.20.0.1 any -P in ipsec > > > esp/tunnel/95.x.x.x-78.x.x.x/require; > > >=20 > > > Am I wrong? > >=20 > > No, you're right :) > >=20 > > You can set up the tunnel first - check whether both 10. are > > accessible from both sides, then you "cover" communication between > > them with IPSEC. >=20 > Will this sort of GIF tunnel interoperate with Cisco and/or Checkpoint > VPN equipment? In our tests we were able to use pure IPSEC tunnel > encapsulation to interoperate with these sorts of devices, so we never > found a need for GIF encapsulation. I'm not sure what's on the other side, AFAIK some hardware solution. --=20 regards, Maciej Suszko. --Sig_/5C5DXajOX0hCikxqryYx.Zy Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (FreeBSD) iEYEARECAAYFAkwhA8YACgkQCikUk0l7iGrkAACfdRvHx0bJoS8YaKANcCo+atxB kOUAoIf0PmOku+P994nEvUalXWPa5eMA =A7S8 -----END PGP SIGNATURE----- --Sig_/5C5DXajOX0hCikxqryYx.Zy--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100622204107.6c604c17>