From owner-freebsd-net@FreeBSD.ORG  Sun May  2 03:49:18 2004
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 996BA16A4CE; Sun,  2 May 2004 03:49:18 -0700 (PDT)
Received: from flash.mipk.kharkiv.edu (flash.mipk.kharkiv.edu
	[194.44.157.113])	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 46E6643D46; Sun,  2 May 2004 03:49:15 -0700 (PDT)
	(envelope-from artem@mipk.kharkiv.edu)
Received: from mipk.kharkiv.edu (aws.aws-net.org.ua [192.168.32.1])
	i42AktT1079370;	Sun, 2 May 2004 13:46:57 +0300 (EEST)
	(envelope-from artem@mipk.kharkiv.edu)
Message-ID: <4094D189.7080305@mipk.kharkiv.edu>
Date: Sun, 02 May 2004 13:46:33 +0300
From: "Artyom V. Viklenko" <artem@mipk.kharkiv.edu>
Organization: IIAT NTU "KhPI"
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US;
	rv:1.4) Gecko/20030624
X-Accept-Language: ru, uk, en
MIME-Version: 1.0
To: "Mitch (bitblock)" <mitch@bitblock.com>
References: <JFEFJAFJPNHFPLKLGIHEAEGHDNAA.mitch@bitblock.com>
In-Reply-To: <JFEFJAFJPNHFPLKLGIHEAEGHDNAA.mitch@bitblock.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
cc: freebsd-isp@freebsd.org
cc: freebsd-net@freebsd.org
Subject: Re: Routing and VPN troubles...
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 02 May 2004 10:49:18 -0000

Mitch (bitblock) wrote:
> 
> The VPN stuff might be easy if I could figure out how to make FBSD1-3 route
> through FBSD4 (regardless of the fact that they are all on the same
> subnet... the traffic from FBSD1 needs to "bounce" off FBSD4 on it's way to
> FBSD3 for example... either that, or maybe the gif interfaces count as
> distinct interfaces for routing?

May be nos-tun, mpd (PPPoE), or even native netgraph solutin can help.
(There is one example for udp tunnel in /usr/share/examples/netgraph).
In both cases you will got separate interface for each connection.
But, in any case, if all FBSD1-3 boxes can communicate whit each other
directly, you have to apply appropriate rules on these boxes
to make this impossible.

Hope this can help you a bit.

-- 
        Sincerely yours,
                          Artyom V. Viklenko.
======================================================
System Administrator            artem@mipk.kharkiv.edu
------------------------------------------------------
IIAT NTU "KhPI" 21, Frunze Str., Kharkov Ukraine 61002
Phone: +38 (0572) 400026        Fax: +38 (0572) 474062
======================================================