From owner-freebsd-questions@FreeBSD.ORG Wed Dec 3 15:28:47 2008
Date: Wed, 3 Dec 2008 07:02:05 -0800 (PST)
From: nrml nrml
To: freebsd-questions@freebsd.org
Subject: IPSec + vpn + multicast
Message-ID: <11691.95194.qm@web83803.mail.sp1.yahoo.com>

Hello,

I followed the handbook instructions and the ipsec(4) man page to set up vpn-over-ipsec for our company's site-to-site connection via our dedicated T1. Anyway, I have it working, but I found that I need to make sure that multicast traffic can traverse through the two subnets.
I have the following options in my kernel:

FreeBSD somebox.domain.com 7.1-PRERELEASE FreeBSD 7.1-PRERELEASE #1: Fri Nov 21 08:11:47 PST 2008 root@somebox.domain.com:/usr/obj/usr/src/sysKERNEL i386

device crypto
options IPSEC
options IPSEC_FILTERTUNNEL
options IPSEC_DEBUG #debug for IP Security
options IPSEC_NAT_T

ipsec-tools:

# This file is auto-generated by 'make config'.
# No user-servicable parts inside!
# Options for ipsec-tools-0.7.1
_OPTIONS_READ=ipsec-tools-0.7.1
WITH_DEBUG=true
WITH_IPV6=true
WITHOUT_ADMINPORT=true
WITHOUT_STATS=true
WITH_DPD=true
WITH_NATT=true
WITH_NATTF=true
WITH_FRAG=true
WITH_HYBRID=true
WITHOUT_PAM=true
WITHOUT_RADIUS=true
WITHOUT_LDAP=true
WITHOUT_GSSAPI=true
WITHOUT_SAUNSPEC=true
WITH_RC5=true
WITH_IDEA=true

Does anyone know how I can accomplish this? The goal is to try and have transparency between the two sites and to try and get Bonjour working.

Thanks for your help.

--gabe