Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 6 Mar 2001 13:43:38 -0600 (CST)
From:      Nick Rogness <nick@rogness.net>
To:        Usgado Lopez <00540562@academ01.maz.itesm.mx>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: VPN help.
Message-ID:  <Pine.BSF.4.21.0103061327290.70886-100000@cody.jharris.com>
In-Reply-To: <007b01c0a66d$a265cac0$a00121c8@nic.mx>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, 6 Mar 2001, Usgado Lopez wrote:

> Ok after hours and hours of testing without success I am sending this
> email trying to find and answer.
> 
> Here is my problem:
> 
> Our office is connected to the central computer site using microwaves,
> and fiber . The medium is unsecure so I am trying to use IPSEC.
> 
> OFFICE CLASS C (x.x.x.x) -- usecure -- router (x.x.x.1)
> 
> I want to make something like this
> 
> OFFICE CLASS C (x.x.x.x) --nic1 freebsd nic2-- secure IPSEC --nic1
> frebsd nic2-router
> 
> I don't want to use NAT, I want to route and secure the traffic from
> the office to the router.
> 
> I need to subnet my class C, I understand the gif (tunnel part) but
> what about routing. What ip's should I use on the BSD boxes.
> 
	IP's for what part?  The tunnel?...It doesn't really matter since
	it is encapsulated with the real outside address.  Here's an
	example:

	1.1.1.0/24 -- machineA --unsecure-- machineB -- 2.2.2.0/24

	On MachineA:

	# gifconfig gif0 inet MACHINEA_OUTSIDE_IP MACHINEB_OUTSIDE_IP   
	# ifconfig gif0 172.16.1.1 172.16.1.2 netmask 255.255.255.252
	# route add -net 2.2.2.0 172.16.1.2 -netmask 255.255.255.0

	On MachineB:	

	# gifconfig gif0 inet MACHINEB_OUTSIDE_IP MACHINEA_OUTSIDE_IP   
	# ifconfig gif0 172.16.1.2 172.16.1.1 netmask 255.255.255.252
	# route add -net 1.1.1.0 172.16.1.1 -netmask 255.255.255.0

	Then add the IPSEC stuff to those tunnels.

Nick Rogness <nick@rogness.net>
- Keep on routing in a Free World...  
  "FreeBSD: The Power to Serve!"



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0103061327290.70886-100000>