From owner-freebsd-security Wed Oct 13 17:36:54 1999
Delivered-To: freebsd-security@freebsd.org
From: "Patrick Bihan-Faou"
To: "Philip Hallstrom"
Subject: Re: pipsecd example?
Date: Wed, 13 Oct 1999 20:36:49 -0400
Organization: MindStep Corporation

Hi,

> My setup:
>
>              [---------]                                    [---------]
>              [ FreeBSD ]                                    [ FreeBSD ]
>    LAN A   --[    1    ]-- 1.1.1.1 -> INTERNET <- 2.2.2.2 --[    2    ]--   LAN B
>   10.0.0.x   [   3.2   ]                                    [   3.2   ]   10.2.0.x
>              [---------]                                    [---------]
>
>
> I've looked through the pipsecd.conf and it baffles me. For example --
> where do the values for the various keys come from?

Your imagination... As long as one end's remote key(s) is the other end's local key(s).

There is a mistake in the sample configuration file. I will correct it sometime...

> Also, a general question. If I'm on client 10.2.0.5 and telnet to
> 10.0.0.5, will it say that I am from 10.2.0.5 or from 2.2.2.2?

Well it depends... If you are not running nat on the "tunX" interface (which should be the standard case), then you will be coming from 10.2.0.5.

The "tunX" interface looks and behaves (almost) exactly as if you had a NIC card connected to a network with only 2 hosts (the local one and the remote one). The only difference is that instead of having a hardware connection (an ethernet wire), it has a software one (pipsecd).

BTW, this also means that it needs an IP address on the network you chose as the "tunnel" network.

Patrick.
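An added example, not code from this thread and not pipsecd's own configuration syntax, that works through the two points Patrick makes: the key material is generated at random and the two ends' configurations must be mirror images (one end's "remote" set is the other end's "local" set), and the tunX interface is a two-host link that needs its own address on a tunnel network, over which a client's LAN address is preserved when no NAT runs on tunX. The gateway and LAN addresses follow Philip's diagram; the tunnel addresses 192.168.255.1/.2, the key lengths, the dict layout, the NAT-on-tun behaviour and the ifconfig/route command lines are assumptions for illustration.

```python
"""Mirror-image tunnel configs for the two FreeBSD gateways in the thread.

Generic illustration only: the dict layout is NOT pipsecd.conf syntax, and the
tunnel network 192.168.255.0/30 is an assumed choice.
"""
import ipaddress
import secrets

# Constructed sample values taken from the diagram in the thread.
GATEWAY_A = {"name": "gw-a", "public": "1.1.1.1", "lan": "10.0.0.0/24", "tun": "192.168.255.1"}
GATEWAY_B = {"name": "gw-b", "public": "2.2.2.2", "lan": "10.2.0.0/24", "tun": "192.168.255.2"}


def gen_keyset(enc_len=16, auth_len=20):
    """One direction's material: a random SPI plus encryption and auth keys.
    'Your imagination' means a CSPRNG, never something the peer could guess.
    Key lengths are illustrative assumptions, not pipsecd requirements."""
    return {
        "spi": secrets.randbelow(0xFFFFFFFF - 256) + 256,  # SPIs 0..255 are reserved
        "enc": secrets.token_hex(enc_len),
        "auth": secrets.token_hex(auth_len),
    }


def build_pair(a, b, a_to_b=None, b_to_a=None):
    """Return (cfg_a, cfg_b). Traffic a->b uses one key set, b->a another.
    Each end lists its outbound set as 'local' and its inbound set as
    'remote', so the two configurations are mirror images of each other."""
    a_to_b = a_to_b or gen_keyset()
    b_to_a = b_to_a or gen_keyset()
    cfg_a = {"host": a, "peer": b, "local": a_to_b, "remote": b_to_a}
    cfg_b = {"host": b, "peer": a, "local": b_to_a, "remote": a_to_b}
    return cfg_a, cfg_b


def check_symmetry(cfg_a, cfg_b):
    """The invariant from the reply: one end's remote key(s) must equal the
    other end's local key(s). Also require that the tun addresses differ,
    sit on one small tunnel network (assumed /30) and point at each other."""
    keys_ok = cfg_a["local"] == cfg_b["remote"] and cfg_a["remote"] == cfg_b["local"]
    tun_a = ipaddress.ip_address(cfg_a["host"]["tun"])
    tun_b = ipaddress.ip_address(cfg_b["host"]["tun"])
    ptp_net = ipaddress.ip_network(f"{tun_a}/30", strict=False)
    tun_ok = tun_a != tun_b and tun_b in ptp_net
    peer_ok = (cfg_a["peer"]["tun"] == cfg_b["host"]["tun"]
               and cfg_b["peer"]["tun"] == cfg_a["host"]["tun"])
    return keys_ok and tun_ok and peer_ok


def host_commands(cfg, ifname="tun0"):
    """FreeBSD command lines (assumed, not taken from pipsecd docs) that give
    the tun interface its address on the tunnel network and route the far
    LAN through the peer's tunnel address."""
    h, p = cfg["host"], cfg["peer"]
    return [
        f"ifconfig {ifname} {h['tun']} {p['tun']} netmask 255.255.255.255 up",
        f"route add -net {p['lan']} {p['tun']}",
    ]


def source_seen_by_server(src_host, cfg_src_side, nat_on_tun=False):
    """Address a server on the far LAN sees for a client behind cfg_src_side.
    Without NAT on the tun interface (the standard case) the client's own LAN
    address is preserved. With NAT bound to tunX (an assumed variation) it
    would be rewritten to that interface's tunnel address, not to the
    gateway's public address, since the public address never sees the inner
    packet."""
    src = ipaddress.ip_address(src_host)
    if src not in ipaddress.ip_network(cfg_src_side["host"]["lan"]):
        raise ValueError(f"{src} is not on {cfg_src_side['host']['name']}'s LAN")
    return cfg_src_side["host"]["tun"] if nat_on_tun else str(src)


if __name__ == "__main__":
    cfg_a, cfg_b = build_pair(GATEWAY_A, GATEWAY_B)
    assert check_symmetry(cfg_a, cfg_b)
    for cfg in (cfg_a, cfg_b):
        print(f"# {cfg['host']['name']}: local spi {cfg['local']['spi']}, remote spi {cfg['remote']['spi']}")
        for line in host_commands(cfg):
            print(line)
    print("10.0.0.5 sees a telnet from", source_seen_by_server("10.2.0.5", cfg_b))
```

Running the script prints the mirrored SPIs and the interface/route lines for each gateway and reports that the server on LAN A sees the client as 10.2.0.5. The `check_symmetry` function is the check worth keeping: if each admin generates keys independently instead of copying the other side's "local" set into their "remote" set, it returns False, which is exactly the mismatch that makes a fresh tunnel silently drop traffic.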