From owner-freebsd-net Sat Apr 7 9:11: 5 2001
Delivered-To: freebsd-net@freebsd.org
Received: from mailhub.airlinksys.com (mailhub.airlinksys.com [216.70.12.6])
	by hub.freebsd.org (Postfix) with ESMTP id AC3C637B422
	for ; Sat, 7 Apr 2001 09:11:02 -0700 (PDT)
	(envelope-from sjohn@airlinksys.com)
Received: from ns2.airlinksys.com (ns2.airlinksys.com [216.70.12.3])
	by mailhub.airlinksys.com (Postfix) with ESMTP id BDE7353501
	for ; Sat, 7 Apr 2001 11:11:01 -0500 (CDT)
Received: by ns2.airlinksys.com (Postfix, from userid 1000)
	id 4EA7D5E0B; Sat, 7 Apr 2001 11:11:01 -0500 (CDT)
Date: Sat, 7 Apr 2001 11:11:01 -0500
From: Scott Johnson
To: net@freebsd.org
Subject: Re: VPN ?
Message-ID: <20010407111101.A1056@ns2.airlinksys.com>
Reply-To: Scott Johnson
Mail-Followup-To: net@freebsd.org
References: <20010407173907.A65222@libero.sunshine.ale>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010407173907.A65222@libero.sunshine.ale>; from ale@unixmania.net on Sat, Apr 07, 2001 at 05:39:08PM +0200
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Quoth Alessandro de Manzano on Sat, Apr 07, 2001 at 05:39:08PM +0200:
> Hi!
>
> I've a couple of 4.2-stable machines on the Internet, both with static
> public IPs, so I would try to configure a VPN between them.
>
> Is there a tutorial / how-to / examples somewhere ?
> I guess I should use the /dev/tunX devices, but how ?
>
> Any hint is welcome! :-)
>
> Thanks a lot!!

If both boxes have public IP addresses, there's no need for a tunnel. Just
use IPSEC transport mode. See

http://www.freebsd.org/handbook/ipsec.html
http://www.netbsd.org/Documentation/network/ipsec/
http://www.daemonnews.org/200101/ipsec-howto.html

If you want to connect two networks with public IP addresses, use tunnel
mode as described in the above.
If the networks are behind NAT, try this approach using a gif tunnel:

http://freebsd.cg.nu/ipsec.html

I've also used vtun to create a tunnel over UDP through my Linksys BEFSR41
at home, which is pretty much the same but uses vtund and a tun device. In
your situation, you shouldn't have to do that.

P.S.: Google is your friend.

-- 
Scott Johnson
System/Network Administrator
Airlink Systems
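
The transport-mode case described in the reply above, as an added example that is not part of the original message or of the linked documents: a setkey(8) policy file for two hosts with public addresses. The addresses 192.0.2.10 (host A) and 198.51.100.20 (host B) are constructed placeholders, and the example assumes the security associations are negotiated by an IKE daemon such as racoon rather than keyed by hand.

```conf
# /etc/ipsec.conf on host A (192.0.2.10, constructed placeholder address).
# Peer host B is 198.51.100.20 (also a placeholder).
# Load with: setkey -f /etc/ipsec.conf

flush;      # remove any existing security associations (SAD)
spdflush;   # remove any existing security policies (SPD)

# Outbound: everything A sends to B must be ESP-protected, transport mode.
# No tunnel endpoints are given because transport mode protects the
# original packet between the two hosts themselves.
spdadd 192.0.2.10 198.51.100.20 any -P out ipsec esp/transport//require;

# Inbound: everything arriving from B must have been ESP-protected.
# "require" means cleartext from the peer is dropped, not accepted as a
# fallback, and traffic stalls until SAs exist.
spdadd 198.51.100.20 192.0.2.10 any -P in ipsec esp/transport//require;

# Host B loads the same two policies with the directions swapped:
# spdadd 198.51.100.20 192.0.2.10 any -P out ipsec esp/transport//require;
# spdadd 192.0.2.10 198.51.100.20 any -P in  ipsec esp/transport//require;
```

After loading, `setkey -DP` lists the installed policies and `setkey -D` lists the security associations, which is the quickest way to confirm that traffic between the two hosts is actually covered.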