Date: Thu, 31 Oct 2002 16:42:09 +0100
From: "Michal F. Hanula" <frankie@kyblik.pieskovisko.sk>
To: Wayne Pascoe <wayne@penguinpowered.org.uk>
Cc: freebsd-questions@freebsd.org
Subject: Re: IPSEC tunnel help
Message-ID: <20021031154209.GK76961@kyblik.pieskovisko.sk>
In-Reply-To: <86u1j2obzj.fsf@marvin.penguinpowered.org.uk>
References: <86u1j2obzj.fsf@marvin.penguinpowered.org.uk>

On Thu, Oct 31, 2002 at 03:37:52PM +0000, Wayne Pascoe wrote:
> Hi all,
>
> I'm struggling to setup a VPN. I'm now reading through
> http://www.daemonnews.org/200101/ipsec-howto.html
> and this is confusing me even more :(
>
> Reading this, I see:
>
> However, if your goal is to set up a VPN, that is, link 2
> widely-separated networks together over the Internet, then you'll
> probably want to use ESP/tunnel mode.
>
> The example then goes on to show
> spdadd 10.10.10.0/24 10.20.20.0/24 any -P out ipsec
> esp/transport/1.2.3.4-5.6.7.8/require;
>
> which is transport mode, no ?

Yes, this is transport mode. AFAIK the article describes a situation
where you encapsulate the packets using IPIP (gif tunnel), which is then
encapsulated using ESP (transport mode). Not sure this is a correct
impression and if yes, why.

>
> Can anyone point me at a decent howto to link 2 networks together? I'm
> trying to setup 2 VPN gateways so that everything behind each of those
> talks to everything behind the other one via a VPN.
>
> I'm also confused about the ifconfig instructions for the gif0
> device. I've got 2 network cards going with one being the external
> device
> (172.16.0.1 and 172.16.0.2 respectively)
> and the other for the internal network
> (10.0.1.1 and 10.0.2.1 respectively)
> What should my gifconfig and ifconfig lines be ?

Last time I tried I just used
spdadd 10.10.10.0/24 10.20.20.0/24 any -P out ipsec esp/tunnel/1.2.3.4-5.6.7.8/require;
and an analogous line for the other direction. And, surprise, it worked.
I think.

m&f

--
What do you care what other people think?
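
The tunnel-mode policy from the reply together with its "analogous line for the other direction", written out for the addresses in the quoted question. This is an added example, not part of the original message. The /24 netmasks, the SPI values and the key strings are assumptions or placeholders; replace the keys with random secrets, or drop the `add` lines if an IKE daemon such as racoon negotiates the SAs.

```conf
# ---- Gateway A: external 172.16.0.1, internal network 10.0.1.0/24 ----
# setkey(8) input; load with: setkey -f <this file>
# Assumptions: /24 internal netmasks, SPIs 0x1001/0x1002, placeholder keys.

# Remove existing SAs and policies before loading.
flush;
spdflush;

# Manual SAs, one per direction, with a separate key for each direction.
# The same two "add" statements go on both gateways.
# rijndael-cbc key: 16 bytes, hmac-sha1 key: 20 bytes. PLACEHOLDERS ONLY.
add 172.16.0.1 172.16.0.2 esp 0x1001 -m tunnel
    -E rijndael-cbc "REPLACE-16B-KEY1" -A hmac-sha1 "REPLACE-20-BYTE-AUT1";
add 172.16.0.2 172.16.0.1 esp 0x1002 -m tunnel
    -E rijndael-cbc "REPLACE-16B-KEY2" -A hmac-sha1 "REPLACE-20-BYTE-AUT2";

# Outbound: traffic from A's LAN to B's LAN must go into the ESP tunnel.
spdadd 10.0.1.0/24 10.0.2.0/24 any -P out ipsec
    esp/tunnel/172.16.0.1-172.16.0.2/require;

# Inbound: traffic from B's LAN must have arrived through the ESP tunnel.
# Tunnel endpoints are written source-destination, so they are swapped here.
spdadd 10.0.2.0/24 10.0.1.0/24 any -P in ipsec
    esp/tunnel/172.16.0.2-172.16.0.1/require;

# ---- Gateway B: external 172.16.0.2, internal network 10.0.2.0/24 ----
# Separate file for the other host: same flush, spdflush and "add" statements
# as above, but the policy directions are mirrored.

spdadd 10.0.2.0/24 10.0.1.0/24 any -P out ipsec
    esp/tunnel/172.16.0.2-172.16.0.1/require;

spdadd 10.0.1.0/24 10.0.2.0/24 any -P in ipsec
    esp/tunnel/172.16.0.1-172.16.0.2/require;

# Check what was loaded on each gateway:
#   setkey -D     dumps the SAD (the two SAs)
#   setkey -DP    dumps the SPD (the in/out policies)
```

Because the policies use `require`, matching traffic is dropped rather than sent in the clear whenever no SA is available, so a missing or mismatched SA shows up as lost connectivity between the two LANs.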