From: Edwin Groothuis
To: "Mikhail P."
Cc: net@freebsd.org
Date: Thu, 23 Sep 2004 09:18:30 +1000
Subject: Re: question on tunnels (VPN)
Message-ID: <20040922231830.GA1234@k7.mavetju>
In-Reply-To: <200409221617.59860.miha@ghuug.org>
List-Id: Networking and TCP/IP with FreeBSD

On Wed, Sep 22, 2004 at 04:17:59PM +0000, Mikhail P. wrote:
> HOST_A [192.168.0.1]:
> ifconfig gif0 create
> ifconfig gif0 tunnel 192.168.0.1 192.168.0.2
> ifconfig gif0 10.0.0.1 10.0.0.2 netmask 255.255.255.255
>
> and on -
>
> HOST_B [192.168.0.2]:
> ifconfig gif0 create
> ifconfig gif0 tunnel 192.168.0.2 192.168.0.1
> ifconfig gif0 10.0.0.2 10.0.0.1 netmask 255.255.255.255
>
> The above works well for me, and I can send traffic on 10.0.0.1 and 10.0.0.2.
>
> The next thing I wanted to implement is to create similar tunnel from our
> local router (which is FreeBSD too) to remote server, however there is small
> problem which stops me - router has no public IP, and it sees internet
> through DSL router, so basically that router is NAT'ed behind DSL router.
> As far as I understand, it appears to be that I won't be able to create such a
> simple tunnel, unless my router gets public IP address.

I have the same situation here and the solution was to let the ADSL
router forward all unknown traffic to my router. How to do that is
router-specific, but it can be done.

Then, with the tunnels:

central# ifconfig gif1 inet
gif1: flags=8051 mtu 1280
        tunnel inet 218.185.88.66 --> 203.111.122.8
        inet 10.10.12.1 --> 10.10.12.2 netmask 0xffffffff

remote# ifconfig gif1 inet
gif1: flags=8051 mtu 1280
        tunnel inet 192.168.1.1 --> 218.185.88.66
        inet 10.10.12.2 --> 10.10.12.1 netmask 0xffffff00

203.111.122.8 is my ADSL router's address.
192.168.1.1 is my computer's RFC1918 address.

Two static routes, one on each machine, and it works.

Edwin

-- 
Edwin Groothuis      |  Personal website: http://www.mavetju.org
edwin@mavetju.org    |  Weblog: http://weblog.barnet.com.au/edwin/
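
The following is an added example, not part of the original message and not FreeBSD code: a small Python check that parses the two `ifconfig gif1 inet` outputs shown in the reply and compares both ends of the tunnel (mirrored inner addresses, matching inner netmask, and outer endpoints that agree except where NAT rewrites a private source). The function names `parse_gif` and `check_pair` are hypothetical.

```python
import ipaddress
import re

# Sample input: the two `ifconfig gif1 inet` outputs as they appear in the message.
CENTRAL = """gif1: flags=8051 mtu 1280
    tunnel inet 218.185.88.66 --> 203.111.122.8
    inet 10.10.12.1 --> 10.10.12.2 netmask 0xffffffff"""
REMOTE = """gif1: flags=8051 mtu 1280
    tunnel inet 192.168.1.1 --> 218.185.88.66
    inet 10.10.12.2 --> 10.10.12.1 netmask 0xffffff00"""

_OUTER = re.compile(r"tunnel inet (\S+) --> (\S+)")
_INNER = re.compile(r"^\s*inet (\S+) --> (\S+) netmask (0x[0-9a-fA-F]{8})", re.M)

def parse_gif(text):
    """Return outer endpoints, inner endpoints and inner prefix length."""
    outer, inner = _OUTER.search(text), _INNER.search(text)
    if not outer or not inner:
        raise ValueError("not a configured gif interface")
    ip = ipaddress.ip_address
    mask = int(inner.group(3), 16)
    return {"outer": (ip(outer.group(1)), ip(outer.group(2))),
            "inner": (ip(inner.group(1)), ip(inner.group(2))),
            "prefixlen": bin(mask).count("1")}

def check_pair(a_text, b_text):
    """Compare both ends of one tunnel; return a list of findings."""
    a, b = parse_gif(a_text), parse_gif(b_text)
    findings = []
    if a["inner"] != b["inner"][::-1]:
        findings.append("inner addresses are not mirrored")
    if a["prefixlen"] != b["prefixlen"]:
        findings.append("inner netmask differs: /%d vs /%d"
                        % (a["prefixlen"], b["prefixlen"]))
    # Each side's outer destination should be the other side's outer source,
    # unless that source is private and is rewritten by a NAT device on the path.
    for near, far, name in ((a, b, "first"), (b, a, "second")):
        src, peer_dst = near["outer"][0], far["outer"][1]
        if src == peer_dst:
            continue
        if src.is_private and not peer_dst.is_private:
            findings.append("%s end is behind NAT: %s is reached as %s"
                            % (name, src, peer_dst))
        else:
            findings.append("outer mismatch: %s vs %s" % (src, peer_dst))
    return findings
```

Run on the two outputs above, `check_pair(CENTRAL, REMOTE)` reports the differing inner netmask (0xffffffff on one end, 0xffffff00 on the other) and that the remote end's 192.168.1.1 is reached through 203.111.122.8.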