Date: Wed, 13 Oct 1999 20:36:49 -0400
From: "Patrick Bihan-Faou" <patrick@mindstep.com>
To: "Philip Hallstrom" <philip@adhesivemedia.com>, <freebsd-security@FreeBSD.ORG>
Subject: Re: pipsecd example?
Message-ID: <029001bf15dc$33f44c60$190aa8c0@local.mindstep.com>
References: <Pine.BSF.4.10.9910131518590.26644-100000@mug.adhesivemedia.com>

Hi,

> My setup:
>
>          [---------]                                    [---------]
>          [ FreeBSD ]                                    [ FreeBSD ]
> LAN A  --[    1    ]-- 1.1.1.1 -> INTERNET <- 2.2.2.2 --[    2    ]-- LAN B
> 10.0.0.x [   3.2   ]                                    [   3.2   ]   10.2.0.x
>          [---------]                                    [---------]
>
>
> I've looked through the pipsecd.conf and it baffles me.  For example --
> where do the values for the various keys come from?

Your imagination... As long as one end's remote key(s) is the other end's
local key(s). There is a mistake in the sample configuration file. I will
correct it sometime...

> Also, a general question.  If I'm on client 10.2.0.5 and telnet to
> 10.0.0.5, will it say that I am from 10.2.0.5 or from 2.2.2.2?

Well, it depends... If you are not running NAT on the "tunX" interface (which
should be the standard case), then you will be coming from 10.2.0.5.

The "tunX" interface looks and behaves (almost) exactly as if you had a NIC
card connected to a network with only 2 hosts (the local one and the remote
one). The only difference is that instead of having a hardware connection
(an Ethernet wire), it has a software one (pipsecd).

BTW, this also means that it needs an IP address on the network you chose as
the "tunnel" network.

Patrick.