From: Wayne Pascoe
To: freebsd-questions@freebsd.org
Subject: IPSEC tunnel help
Date: 31 Oct 2002 15:37:52 +0000
Message-ID: <86u1j2obzj.fsf@marvin.penguinpowered.org.uk>

Hi all,

I'm struggling to set up a VPN. I'm now reading through
http://www.daemonnews.org/200101/ipsec-howto.html and this is
confusing me even more :(

Reading this, I see:

    However, if your goal is to set up a VPN, that is, link 2
    widely-separated networks together over the Internet, then you'll
    probably want to use ESP/tunnel mode.

The example then goes on to show

    spdadd 10.10.10.0/24 10.20.20.0/24 any -P out ipsec esp/transport/1.2.3.4-5.6.7.8/require;

which is transport mode, no?

Can anyone point me at a decent howto to link 2 networks together?
I'm trying to set up 2 VPN gateways so that everything behind each of
those talks to everything behind the other one via a VPN.

I'm also confused about the ifconfig instructions for the gif0
device. I've got 2 network cards going with one being the external
device (172.16.0.1 and 172.16.0.2 respectively) and the other for the
internal network (10.0.1.1 and 10.0.2.1 respectively).

What should my gifconfig and ifconfig lines be?

-- 
- Wayne Pascoe
Microsoft complaining about the source license used by Linux is like
the event horizon calling the kettle black - adamba on k5
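
The mismatch raised in the message above (a network-to-network policy written with `esp/transport`), as an added example that is not part of the original post or of the howto it quotes: a shell sketch that reports the mode a setkey(8) `spdadd` line requests and prints the tunnel-mode policy pair for each gateway. The function names `tunnel_policies` and `policy_mode` are hypothetical, and the /24 prefixes are an assumption, since the message gives only the gateways' host addresses.

```shell
#!/bin/sh
# Added example: ESP tunnel-mode SPD entries for a network-to-network VPN,
# plus a check of which mode an existing spdadd line asks for.

# tunnel_policies LOCAL_GW REMOTE_GW LOCAL_NET REMOTE_NET
# Prints the outbound and inbound setkey(8) policies for one gateway.
# The inbound entry swaps both the selectors and the tunnel endpoints.
tunnel_policies() {
    lgw=$1 rgw=$2 lnet=$3 rnet=$4
    printf 'spdadd %s %s any -P out ipsec esp/tunnel/%s-%s/require;\n' \
        "$lnet" "$rnet" "$lgw" "$rgw"
    printf 'spdadd %s %s any -P in ipsec esp/tunnel/%s-%s/require;\n' \
        "$rnet" "$lnet" "$rgw" "$lgw"
}

# policy_mode 'spdadd ... ipsec PROTO/MODE/SRC-DST/LEVEL;'
# Prints the MODE field ("transport" or "tunnel"); returns 1 if the line
# carries no esp/ah/ipcomp request.
policy_mode() {
    for word in $1; do
        case $word in
            esp/*|ah/*|ipcomp/*)
                mode=${word#*/}     # drop the protocol field
                mode=${mode%%/*}    # keep only the mode field
                printf '%s\n' "$mode"
                return 0 ;;
        esac
    done
    return 1
}

# The policy line quoted in the message: subnet selectors, transport mode.
quoted='spdadd 10.10.10.0/24 10.20.20.0/24 any -P out ipsec esp/transport/1.2.3.4-5.6.7.8/require;'
echo "# quoted howto line requests: $(policy_mode "$quoted")"

# Gateway addresses from the message; the /24 prefixes are assumed.
echo "# gateway A (172.16.0.1)"
tunnel_policies 172.16.0.1 172.16.0.2 10.0.1.0/24 10.0.2.0/24
echo "# gateway B (172.16.0.2)"
tunnel_policies 172.16.0.2 172.16.0.1 10.0.2.0/24 10.0.1.0/24
```

The printed `spdadd` lines can be loaded with `setkey -f`; the matching security associations still have to come from manual `add` entries or an IKE daemon.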