From: Bill Moran
Date: Wed, 05 Feb 2003 13:34:29 -0500
To: Marcel Stangenberger
Cc: Philip Hallstrom, questions@FreeBSD.ORG
Subject: Re: building a VPN with FreeBSD 4.7p3

Marcel Stangenberger wrote:
>>>I've read the website and I figured that vtun is for binding two networks
>>>together. The problems that I have are that:
>>>
>>>1. My FreeBSD internal system is not doing routing/nat, it has only one
>>>   interface with an RFC1918 IP on it. The router is an Allied Data 810.
>>>2. My FreeBSD webserver doesn't have an inside interface, only an outside.
>>
>>Neither of these points prevents you from using vtun. Nor does either of
>>them make it any more difficult to use, really. Actually, they're both
>>good reasons to use vtun.
>>
>>Just set up your webserver as the vtun 'server' and the MySQL server as the
>>vtun 'client'. Make sure to use TCP (not UDP) and things will work just
>>fine.
>
> Hmm, ok, I'll give that a try.
>
>>>I hope this makes it a bit clearer, or you'll be able to tell me where I'm
>>>wrong in this.
>>
>>I'm not sure exactly _where_ you're wrong, but you are. It can be done,
>>quite easily in fact.
>>
>>What about your setup makes you believe that vtun can't create the connection
>>you want?
>
> The fact that all examples that I've seen are using NAT and linking
> multiple networks. That's not what I'm trying to do.

Well, nat is definitely not a requirement for a vtun, it's just that it's such
a common scenario that it gets lots of howtos written about it.

And I would bet that (if you're using RFC-1918 addys as you say) that you
really _are_ using nat. It's just not FreeBSD that's doing it, it's probably
the router in your diagram that has built-in nat capabilities.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
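
Added example, not part of the original message or of the vtun distribution: a minimal host-to-host vtund.conf pair for the layout described above, with the webserver as vtun 'server' and the MySQL host behind the NAT router as 'client', over TCP. The session name, port, tunnel addresses, file path and password placeholder are all assumptions.

```conf
# ---- vtund.conf on the webserver (vtun 'server') ----
# Path assumed: /usr/local/etc/vtund.conf. Start with: vtund -s
options {
  port 5000;                 # port vtund listens on (assumed)
  ifconfig /sbin/ifconfig;
}

default {
  compress no;
}

dbtun {                      # session name (assumed)
  passwd CHANGE_ME;          # placeholder shared secret, same on both hosts
  type tun;                  # point-to-point IP tunnel between the two hosts
  proto tcp;                 # TCP, not UDP, as advised in the thread
  encrypt yes;
  keepalive yes;             # periodic keepalives on the tunnel connection
  up {
    # %% expands to the tun device; local 10.9.0.1, peer 10.9.0.2 (assumed)
    ifconfig "%% 10.9.0.1 10.9.0.2 netmask 255.255.255.255 mtu 1450";
  };
}

# ---- vtund.conf on the MySQL host (vtun 'client') ----
# Start with: vtund dbtun <webserver-address>
options {
  port 5000;                 # must match the server's port
  ifconfig /sbin/ifconfig;
}

dbtun {
  passwd CHANGE_ME;
  type tun;
  persist yes;               # reconnect if the connection drops
  up {
    # mirror image of the server side: local 10.9.0.2, peer 10.9.0.1
    ifconfig "%% 10.9.0.2 10.9.0.1 netmask 255.255.255.255 mtu 1450";
  };
}
```

Because the MySQL host opens the TCP connection outbound, the NAT router in front of it needs no port forward and neither host has to route or NAT for a network. With these assumed addresses the webserver would reach MySQL at 10.9.0.2 across the tunnel.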