From owner-freebsd-questions@FreeBSD.ORG  Sat May 31 23:49:23 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id F3ADD1065674
	for <freebsd-questions@freebsd.org>;
	Sat, 31 May 2008 23:49:22 +0000 (UTC)
	(envelope-from alexus@gmail.com)
Received: from rv-out-0506.google.com (rv-out-0506.google.com [209.85.198.228])
	by mx1.freebsd.org (Postfix) with ESMTP id E8B968FC17
	for <freebsd-questions@freebsd.org>;
	Sat, 31 May 2008 23:49:22 +0000 (UTC)
	(envelope-from alexus@gmail.com)
Received: by rv-out-0506.google.com with SMTP id b25so454220rvf.43
	for <freebsd-questions@freebsd.org>;
	Sat, 31 May 2008 16:49:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
	bh=5OjQL3B8hoyWKARdEa5ahFcZZsLcImd6teJ35aEn4bM=;
	b=OCgH2MhRUcxFemZBdCXM7G3eY1ZoMp+oea5z2xQ29opAf6FhSbd8wZPpk3JSY4Ujo2/vlhfLyLa2vD141tN0+KkgDYwjnxsvySwBEecTu6FCK9zg6gXUv9OaRA9k6GvwGzbuv6/a5hmpeMqKfn32BN/1Ka2bRev6A/5YOxwHXUs=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition;
	b=vttkYQmJHDBrREc5Ievs+koKcH1h0DUytzHGX/tk2qxX8jGt0SxMiS9gpuZelxgF2c9mb7O8PoEukYp6m0W/k5c1X+xNFvycZe7SdDr37CEZKobo0sBgIXPZ02eINeEG/+RWEYm489zgR8Inhz6eVcNRbpcx/s5125kw6RK5SqY=
Received: by 10.114.180.1 with SMTP id c1mr7982112waf.204.1212277762485;
	Sat, 31 May 2008 16:49:22 -0700 (PDT)
Received: by 10.114.174.15 with HTTP; Sat, 31 May 2008 16:49:22 -0700 (PDT)
Message-ID: <6ae50c2d0805311649p14863af3y43af39fb4aa2cc8a@mail.gmail.com>
Date: Sat, 31 May 2008 19:49:22 -0400
From: alexus <alexus@gmail.com>
To: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Subject: VPN (IPSEC)
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 31 May 2008 23:49:23 -0000

Hello,

I'm trying to establish a VPN tunnel over internet, I read a
http://www.freebsd.org/doc/en/books/handbook/ipsec.html on how to set
it up, I'm some what strangeling if my setup will work at all.

i have box #1 that have 1 primary IP, which is private IP but in front
of my box, I have a device that translate a public IP address into
private IP, so "technicaly" its a public IP not a private, yet system
sees it as private, yet my box #2 has interface with real public ip
and another interface with private ip, i created GIF0 interface, yet i
can't ping private range on other box.


box#1

fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 00:0f:fe:aa:f4:61
        inet 192.168.1.251 netmask 0xffffff00 broadcast 192.168.1.255
        inet 172.16.172.16 netmask 0xffffffff broadcast 172.16.172.16
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
        tunnel inet 38.96.123.42 --> 74.2.252.194
        inet 192.168.1.251 --> 192.168.2.252 netmask 0xffffffff
alexus@jot ~ 503$ netstat -rn | grep gif0
192.168.2.252      192.168.1.251      UH          0       15   gif0
alexus@jot ~ 504$

box#2

su-3.2# ifconfig
dc0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric
0 mtu 1500
        options=8<VLAN_MTU>
        ether 00:1a:70:10:e3:89
        inet 74.2.252.194 netmask 0xfffffff8 broadcast 74.2.252.199
        media: Ethernet autoselect (100baseTX)
        status: active
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 00:13:20:09:53:31
        inet 192.168.2.252 netmask 0xffffff00 broadcast 192.168.2.255
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
        tunnel inet 74.2.252.194 --> 38.96.132.42
        inet 192.168.2.252 --> 192.168.1.251 netmask 0xffffffff
su-3.2# netstat -rn | grep gif0
192.168.1.251      192.168.2.252      UH          0      602   gif0
su-3.2#


any suggestions are welcome, thanks!
-- 
http://alexus.org/