Date: Mon, 10 Dec 2001 12:28:43 +0200
From: "Konstantin Reznichenko" <kot@premierbank.dp.ua>
To: <freebsd-questions@freebsd.org>
Cc: <freebsd-ipfw@freebsd.org>, <freebsd-hackers@freebsd.org>
Subject: IPsec & dummynet - HELP!
Message-ID: <002c01c18165$71512d70$8802a8c0@premierbank.dp.ua>

Hello, All.

I no longer know where to dig! There is an IPsec tunnel over dial-up; file exchange over it is organized with the help of UUCP.

IPSEC.CONF:

    #!/bin/sh
    flush;
    spdflush;
    add 10.0.0.51 10.0.0.50 esp 0x10051 -m tunnel -E 3des-cbc "123456789012345678901234" -A hmac-sha1 "12345678901234567890";
    add 10.0.0.50 10.0.0.51 esp 0x10050 -m tunnel -E 3des-cbc "123456789012345678901234" -A hmac-sha1 "12345678901234567890";
    spdadd 192.168.2.0/24 192.168.3.0/24 any -P out ipsec esp/tunnel/10.0.0.50-10.0.0.51/require;
    spdadd 192.168.3.0/24 192.168.2.0/24 any -P in ipsec esp/tunnel/10.0.0.51-10.0.0.50/require;

RC.CONF:

    gif_interfaces="gif0"
    gifconfig_gif0=" 10.0.0.50 10.0.0.51"
    ifconfig_gif0=" inet 192.168.2.249 192.168.3.212 netmask 255.255.255.0"
    static_routes="0"
    route_0="-net 192.168.3.0 192.168.3.212 -netmask 255.255.255.0"
    ipsec_enable="YES"

I am trying to limit the traffic in the tunnel through gif0:

    IPFW pipe 10 config bw 33600bit/s out
    IPFW queue 1 config pipe 10 weight 50
    IPFW add 60100 queue 1 tcp from any 540 to any via gif0

No packet matches this rule, and TCPDUMP on gif0 is silent. Apparently the IPsec packets do not reach ipfw and go straight into the tunnel.

Searching the Internet has not brought the expected results. OpenBSD has a special device, "enc", intended specifically for this purpose (all traffic passes through it before it enters the tunnel). Can this really not be done on FreeBSD? Has anybody solved similar tasks?

I shall be grateful for any information!

Kot.

PS: I am sorry for my bad English