Date:      Wed, 22 Sep 2004 14:26:46 -0700
From:      Julian Elischer <julian@elischer.org>
To:        miha@ghuug.org
Cc:        net@freebsd.org
Subject:   Re: question on tunnels (VPN)
Message-ID:  <4151EE16.1020100@elischer.org>
In-Reply-To: <200409221617.59860.miha@ghuug.org>
References:  <200409221617.59860.miha@ghuug.org>

Mikhail P. wrote:

>Dear users,
>
>I have been experimenting with simple gif tunnels (no IPSec) in a local network 
>(192.168.0.0/24). I have used the following scenario between two hosts (both 
>running FreeBSD-5.2.1):
>
>HOST_A [192.168.0.1]:
>ifconfig gif0 create
>ifconfig gif0 tunnel 192.168.0.1 192.168.0.2
>ifconfig gif0 10.0.0.1 10.0.0.2 netmask 255.255.255.255
>
>and on -
>
>HOST_B [192.168.0.2]:
>ifconfig gif0 create
>ifconfig gif0 tunnel 192.168.0.2 192.168.0.1
>ifconfig gif0 10.0.0.2 10.0.0.1 netmask 255.255.255.255
>
>The above works well for me, and I can send traffic on 10.0.0.1 and 10.0.0.2.
>
>The next thing I wanted to implement is to create a similar tunnel from our 
>local router (which is FreeBSD too) to a remote server, however there is a small 
>problem which stops me - the router has no public IP, and it sees the internet 
>through a DSL router, so basically that router is NAT'ed behind the DSL router.
>As far as I understand, it appears that I won't be able to create such a 
>simple tunnel, unless my router gets a public IP address.
>
>What I tried next was an MPD pptp link (which is known to work behind NAT, unlike 
>the above example), but something (ISP? DSL router?) cuts GRE packets on their 
>way, so MPD can't establish an LCP connection with the remote host.
>
>I'm now at a loss as to what to try next - could someone please advise what 
>other techniques will work in my scenario (where I want to connect a machine 
>which is behind NAT and no GRE packets will go through)?
>


I use MPD using the "UDP" transport.

In other words, packets get sent as UDP packets.

I then set up IPsec to encrypt the UDP packets.

When I had a NAT in the way, I did further encapsulate the GRE packets in 
UDP again :-)
