Date: Thu, 14 Oct 1999 12:55:35 -0700 (PDT) From: Philip Hallstrom <philip@adhesivemedia.com> To: Patrick Bihan-Faou <patrick@mindstep.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: pipsecd example? Message-ID: <Pine.BSF.4.10.9910141254190.30090-100000@mug.adhesivemedia.com> In-Reply-To: <029001bf15dc$33f44c60$190aa8c0@local.mindstep.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Yahoo! I got it working. This is really cool. I've got one final question -- how can I verify that it is indeed encrypting the connection? I looked at tcpdump, but I'm not the best network packet analyzer in the world :) Thanks for everyone's help! If I get a few moments I'm going to put together a step by step and post it somewhere for others... On Wed, 13 Oct 1999, Patrick Bihan-Faou wrote: > Hi, > > > My setup: > > > > [---------] [---------] > > [ FreeBSD ] [ FreeBSD ] > > LAN A --[ 1 ]-- 1.1.1.1 -> INTERNET <- 2.2.2.2 --[ 2 ]-- LAN > B > > 10.0.0.x [ 3.2 ] [ 3.2 ] > 10.2.0.x > > [---------] [---------] > > > > > > I've looked through the pipsecd.conf and it baffles me. For example -- > > where do the values for the various keys come from? > > Your imagination... As long as one end's remote key(s) is the other end's > local key(s). There is a mistake in the sample configuration file. I will > correct it sometime... > > > > Also, a general question. If I'm on client 10.2.0.5 and telnet to > > 10.0.0.5, will it say that I am from 10.2.0.5 or from 2.2.2.2? > > Well it depends... If you are not running nat on the "tunX" interface (which > should be the standard case), then you will be comming from 10.2.0.5. > > The "tunX" interface looks and behaves (almost) exactly as if you had a NIC > card connected to a network with only 2 hosts (the local one and the remote > one). The only difference is that instead of having a hardware connection (a > ethernet wire), it has a software one (pipsecd). BTW, this also means that > it needs an IP address on the network you chose as the "tunnel" network. > > Patrick. > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9910141254190.30090-100000>