From: "Dennis Pedersen"
To: "Rogier R. Mulhuijzen"
Subject: Re: IPsec tunnel mode
Date: Tue, 9 Apr 2002 13:36:27 +0200

From: "Rogier R. Mulhuijzen"
> At 12:16 9-4-2002 +0200, Dennis Pedersen wrote:
> >But uhm is there a 'simple' way of doing this? (as in just adding the IP of
> >the other end's gif interface as destination in my routes?
> >The setup today is an exact copy of (other IPs of course)
> >www.freebsddiary.org/ipsec-tunnel.php
> >This works just fine besides the problem with my routes, according to the
> >draft IPIP is the solution. My question is now how do I set up with an IPIP
> >tunnel?
> >On http://rr.sans.org/firewall/IPSec_VPN.php there is an example, from my
> >point of view it looks kind of complicated. Can it be made any simpler?
> >If this is the way to do it, can I run multiple natd on both my external
> >interface and the virtual gif interface (the howto creates the gif tunnel
> >and diverts all traffic into this tunnel with natd on both ends) and how?
> >(because I can't really see how the ipfw add divert natd can tell the
> >difference between the 2 sessions of natd)
>
> That 2nd example is actually quite straightforward. It's just rather extensive.

Okay, I'll try it then, thanks :)

> And yes you can use 2 nat daemons. The 'natd' in the ipfw divert rule is
> just a port number. You can start a second nat on a different divert port,
> and use that other port number in the ipfw divert rule.

Uhm okay, but where do I see the port number for the 2 natd processes? Can I specify it somewhere or?

/Dennis
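The quoted reply's point that 'natd' in a divert rule is only a port name, and that a second natd needs its own divert port, as an added example that is not part of the original thread. It prints the natd and ipfw commands instead of running them; the interface fxp0, the rule numbers 50 and 60, and the "natd-gif" entry on port 8669 are assumptions, while `-port` and `-interface` are natd's own options.

```sh
#!/bin/sh
# Constructed /etc/services excerpt. The "natd" line mirrors the stock FreeBSD
# entry; "natd-gif" on 8669 is a hypothetical entry for a second instance.
SERVICES='natd            8668/divert  # Network Address Translation
natd-gif        8669/divert  # hypothetical second natd
http            80/tcp'

# Resolve a divert port: numbers pass through unchanged, names are looked up
# among the */divert entries only (a tcp/udp service name is rejected).
divert_port() {
    case "$1" in
        ''|*[!0-9]*) ;;
        *) echo "$1"; return 0 ;;
    esac
    printf '%s\n' "$SERVICES" | awk -v n="$1" '
        $1 == n && $2 ~ /\/divert$/ { sub(/\/divert$/, "", $2); print $2; found = 1; exit }
        END { exit !found }'
}

# Print the natd invocation and the matching ipfw rule for one interface.
# usage: nat_pair <ipfw rule number> <interface> <divert port or name>
nat_pair() {
    port=$(divert_port "$3") || { echo "no divert port for '$3'" >&2; return 1; }
    echo "natd -port $port -interface $2"
    echo "ipfw add $1 divert $port ip from any to any via $2"
}

# Plan two instances and refuse a layout where both share one divert port,
# since each divert rule must hand packets to exactly one natd.
# usage: plan <iface1> <port1> <iface2> <port2>
plan() {
    p1=$(divert_port "$2") && p2=$(divert_port "$4") || return 1
    [ "$p1" != "$p2" ] || { echo "both instances on divert port $p1" >&2; return 1; }
    nat_pair 50 "$1" "$2" && nat_pair 60 "$3" "$4"
}

# External interface on the default port, gif tunnel on the second port.
plan fxp0 natd gif0 natd-gif
```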