Date:      Wed, 20 Mar 2002 20:57:47 +0100
From:      Rickard Borgmäster <doktorn@realworld.nu>
To:        freebsd-security@freebsd.org
Subject:   IPSec tunnel FreeBSD<->OpenBSD using isakmp
Message-ID:  <20020320205747.4197222b.doktorn@realworld.nu>

Dunno if this belongs to net or security but...

I've established a tunnel between my home FreeBSD host and a corporate
OpenBSD firewall. This works just fine. Well, works, but not good enough.
Specs:

home:
FreeBSD 4.5
IPF
pub-ip: 130.236.218.63
priv-net: 192.168.2.0/24

office:
OpenBSD 3.0-stable
PF
pub-ip: 213.88.128.16
priv-net: 10.0.0.0/24

I think I have this somewhat going. If I launch isakmpd at both ends,
I can see this at OpenBSD box:
# netstat -rn
[...]
Source             Port  Destination        Port  Proto SA(Address/Proto/Type/Direction)
192.168.2/24       0     10.0.0/24          0     0     130.236.218.63/50/use/in
10.0.0/24          0     192.168.2/24       0     0     130.236.218.63/50/require/out

However, on the FreeBSD side, netstat -rn won't show anything about
10.0.0.0/24. Maybe Encap routes won't show in the ordinary routing table
on FreeBSD?

Well, anyways, this works just fine. From 192.168.2.0/24 I can ping to
10.0.0.0/24 and vice versa. Both the private networks can communicate just
fine. However, there is one thing that won't work. Probably this is a
by-design thing, but I still want it to work =)

From either the OpenBSD or FreeBSD box, I am unable to reach the private
net behind the other IPSec node. I.e., from the FreeBSD box, I cannot reach
10.0.0.0/24. And from OpenBSD box, I cannot reach 192.168.2.0/24.

How come?
-- 

Rickard

                                               .--.        .--.
.----------------------------------------.     |  |        |  | .-.
|           Rickard Borgmäster           |     |  |        |  |/  /
|             doktorn@sub.nu             |   .-^  |  .--.  |     <
|         http://doktorn.sub.nu/         |  (  o  | ( () ) |  |\  \
`----------------------------------------'  `-----'  `--'  `--' `--'
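As an added illustration (not part of the original mail), the Python below parses the two flow entries from the OpenBSD encap table quoted above and checks which flow, if any, a given packet matches. The assumption it rests on: when the gateway itself originates traffic it uses its own public address as source, which lies outside the 10.0.0/24 and 192.168.2/24 selectors, so such packets match no flow and are not sent through the SA.

```python
"""Match candidate packets against IPsec flow selectors from netstat -rn.

Added example; the flow table is re-joined from the OpenBSD output in the
post above, one entry per line: Source Port Destination Port Proto SA.
"""
import ipaddress

ENCAP_TABLE = """\
192.168.2/24 0 10.0.0/24 0 0 130.236.218.63/50/use/in
10.0.0/24 0 192.168.2/24 0 0 130.236.218.63/50/require/out
"""


def expand_net(net):
    """Turn netstat's abbreviated form (e.g. '10.0.0/24') into a network."""
    addr, _, plen = net.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))          # pad missing trailing octets
    return ipaddress.ip_network(".".join(octets) + "/" + (plen or "32"))


def parse_encap(text):
    """Return a list of (src_net, dst_net, sa_description) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, _sport, dst, _dport, _proto, sa = line.split()
        flows.append((expand_net(src), expand_net(dst), sa))
    return flows


def match_flow(src_ip, dst_ip, flows):
    """SA description of the first flow covering the packet, else None.

    None means the selectors do not cover the packet: it leaves the box
    unencapsulated rather than through the tunnel.
    """
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for src_net, dst_net, sa in flows:
        if s in src_net and d in dst_net:
            return sa
    return None


FLOWS = parse_encap(ENCAP_TABLE)

# Host behind the office gateway talking to a host behind the home gateway.
LAN_TO_LAN = match_flow("10.0.0.5", "192.168.2.5", FLOWS)
# The office gateway itself (assumed public source address) to the home LAN.
GATEWAY_TO_LAN = match_flow("213.88.128.16", "192.168.2.5", FLOWS)
```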