Date:      Sun, 26 Sep 1999 20:54:11 +0200
From:      "Theo Purmer (Tepucom)" <theo@tepucom.nl>
To:        "'Jim Flowers'" <jflowers@ezo.net>
Cc:        "'freebsd-security@FreeBSD.ORG'" <freebsd-security@FreeBSD.ORG>
Subject:   skip acl (was skip and vpn)
Message-ID:  <01BF0861.492CDCB0.theo@tepucom.nl>

Ok Jim, I'm getting there but it's
not working quite as it should

here's a drawing........

net1 192.168.1.0/24
----------------------
          |
    --------------
    | skiphost 1 |
    --------------
          |
      ----------
      | router |
      ----------
          |
     -----------
     | the net |
     -----------  
          |
      ----------
      | router |
      ----------
          |
    --------------
    | skiphost 2 |
    --------------
          |
--------------------------
net2 192.168.2.0/24

where net2 and net3 are rfc1918

on skiphost1 I've defined an ACL on the
external (internet) interface that says

	for net2 go through tunnel at skiphost2 
	using encryption etc

	skiphost -i de0 -a 192.168.2.0 -M 255.255.255.0 -A xxx.x.x.x -v 2 -k DES-CBC -t DES-CBC -m MD5 -r 8 -R kkkkkkkkkkkkk -s 8 -S kkkkkkkkkkkkkkkk

when I ping on the console of skiphost1 to the net2
interface on skiphost2 I see the packages go to skiphost2,
I see them arrive at skiphost2 but I don't see a response

when I ping from a host on net1 to the net2 interface on
skiphost2 I see the packages arrive at skiphost1 where they
disappear.

when I ping on the console of skiphost1 to the internet
interface of skiphost2 then I see encrypted packages go to
skiphost2 and I see them coming back too.

I have not set any routes other than the default route
to the internet router


I appreciate your help

theo


----------
From: 	Jim Flowers[SMTP:jflowers@ezo.net]
Sent: 	Saturday 25 September 1999 22:22
To: 	Theo Purmer (Tepucom)
CC: 	'freebsd-security@FreeBSD.ORG'
Subject: 	Re: skip and vpn

Use different subnets for each of your internal rfc1918 networks and then 
route the opposite end subnet to your local skiphost tunnel end.  Only 
the skiphost ACL record and external interface has to know about the 
opposite end routable address.

Jim Flowers <jflowers@ezo.net>
#4 ISP on C|NET, #1 in Ohio

On Sat, 25 Sep 1999, Theo Purmer (Tepucom) wrote:

> Hi all.....
> 
> got a problem here with skip and a vpn
> 
> I've got two gateways running ipf, ipnat and skip.
> it all works, the gateways are on the internet... (far apart)
> 
> on the inside of the gateways I'm using rfc1918
> networks. I want to be able to go from one internal
> network via the vpn (using skip for encryption) to
> the other internal network.
> 
> but I cannot just set up a route for the other internal
> network using the other skip gateway. I then get arp
> errors cuz it wants the other gateway to be on his
> subnet
> 
> anybody got any ideas as how to get the tunnel running?
> 
> thanks
> 
> theo purmer
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 
