From: Chris
To: FreeBSD Questions
Date: Thu, 12 Oct 2006 11:16:19 -0700
Subject: gif questions

In 14.10, it appears the description of setting up the VPN tunnel is built on a box directly connected to the internet. The tunnel I'm trying to design is one level back since the ISP router provides private address space host-mapped on the router. Additionally, the example shows the creation of a tunnel for a single network and I'm trying to accommodate multiples. So the questions are:

1. If one has private address host-mapped to the public IP by the ISP router, should the tunnel reference the actual interface address as in:

    ifconfig gif0 192.168.1.2 W.X.Y.Z
    ifconfig gif0 inet 192.168.2.1 192.168.3.1 netmask 0xffffffff

where:

    192.168.1.2 is the private address host-mapped to public via the local router
    W.X.Y.Z is the host mapped public address on the other end
    192.168.2.1 is the backend interface of this end's server
    192.168.3.1 is the remote server's backend NIC.

...or should the 192.168.1.2 be given as the resultant public IP?

2. When creating tunnels to multiple locations, is the net.link.gif.parallel_tunnels sysctl required? I was unclear if that is what's needed to have gif0, gif1 etc. or if parallel as referenced in man gif means something other than peer level tunnels.