From owner-freebsd-questions Thu Nov 9 14:46:55 2000 Delivered-To: freebsd-questions@freebsd.org Received: from Awfulhak.org (tun.AwfulHak.org [194.242.139.173]) by hub.freebsd.org (Postfix) with ESMTP id 468F937B4CF; Thu, 9 Nov 2000 14:46:39 -0800 (PST) Received: from hak.lan.Awfulhak.org (root@hak.lan.awfulhak.org [172.16.0.12]) by Awfulhak.org (8.11.1/8.11.1) with ESMTP id eA9Mgfi22167; Thu, 9 Nov 2000 22:42:41 GMT (envelope-from brian@hak.lan.Awfulhak.org) Received: from hak.lan.Awfulhak.org (brian@localhost [127.0.0.1]) by hak.lan.Awfulhak.org (8.11.1/8.11.1) with ESMTP id eA9MhCB00794; Thu, 9 Nov 2000 22:43:12 GMT (envelope-from brian@hak.lan.Awfulhak.org) Message-Id: <200011092243.eA9MhCB00794@hak.lan.Awfulhak.org> X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 To: Julian Elischer Cc: Mike , freebsd-questions@FreeBSD.ORG, freebsd-net@FreeBSD.ORG, brian@Awfulhak.org Subject: Re: VPN over PPPoE In-Reply-To: Message from Julian Elischer of "Thu, 09 Nov 2000 14:24:54 PST." <3A0B2436.EEC5188D@elischer.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Thu, 09 Nov 2000 22:43:12 +0000 From: Brian Somers Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > Mike wrote: > > > > Hi all, > > > > Has anyone ever successfully configured VPN (using IPSec protocol) over > > PPPoE connection? I have 1 VPN configured over 2 locations with T1 > > connections without any problem (using the KAME IPSec on FreeBSD > > 4.1.1). However, when I tried the same configuration with the 3rd > > location running DSL, it seems the IPSec packets can't reach out via tun0 > > device. > > how are the T1 lines connected? > more details on the pppoe connection might be good too.. > do you used the netgraph pppoe or the user-land pppoe front-end? > > ppp over pppoe uses a slightly reduced MTU > that may have something to do with it, but I doubt it.. > > have you tried ipsec over ppp with a dialup connection (if you have > one)? > maybe it's the ppp program having an argument with ipsec? > (One for Brian really..) > (I presume the pppoe connection is otherwise working ok).. At the moment there *may* be problems with IPSEC if you've got ``nat deny_incoming yes'' in your config. If this is the case, Ruslan is about to commit a fix (I've reviewed it and given the ok w/ some ppp patches). If not, there's no known problems with ppp & IPSEC. > > I've searched through the FAQ and mailing lists, and seen people suggest > > "pipsecd" for VPN over PPPoE. However, I do prefer using KAME IPSec for > > this type of implementation, and hope that someone can point me to some > > lights. > > > > Thank you all! > > > > Mike > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-net" in the body of the message > > -- > __--_|\ Julian Elischer > / \ julian@elischer.org > ( OZ ) World tour 2000 > ---> X_.---._/ presently in: Budapest -- Brian Don't _EVER_ lose your sense of humour ! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message