Date: Thu, 14 Oct 1999 12:55:35 -0700 (PDT)
From: Philip Hallstrom
To: Patrick Bihan-Faou
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: pipsecd example?
In-Reply-To: <029001bf15dc$33f44c60$190aa8c0@local.mindstep.com>

Yahoo! I got it working. This is really cool. I've got one final
question -- how can I verify that it is indeed encrypting the connection?
I looked at tcpdump, but I'm not the best network packet analyzer in the
world :)

Thanks for everyone's help! If I get a few moments I'm going to put
together a step by step and post it somewhere for others...

On Wed, 13 Oct 1999, Patrick Bihan-Faou wrote:

> Hi,
>
> > My setup:
> >
> >           [---------]                                        [---------]
> >           [ FreeBSD ]                                        [ FreeBSD ]
> > LAN A   --[    1    ]-- 1.1.1.1 -> INTERNET <- 2.2.2.2 --[    2    ]-- LAN B
> > 10.0.0.x  [   3.2   ]                                        [   3.2   ]   10.2.0.x
> >           [---------]                                        [---------]
> >
> >
> > I've looked through the pipsecd.conf and it baffles me. For example --
> > where do the values for the various keys come from?
>
> Your imagination... As long as one end's remote key(s) is the other end's
> local key(s). There is a mistake in the sample configuration file. I will
> correct it sometime...
>
>
> > Also, a general question. If I'm on client 10.2.0.5 and telnet to
> > 10.0.0.5, will it say that I am from 10.2.0.5 or from 2.2.2.2?
>
> Well it depends... If you are not running nat on the "tunX" interface (which
> should be the standard case), then you will be coming from 10.2.0.5.
>
> The "tunX" interface looks and behaves (almost) exactly as if you had a NIC
> card connected to a network with only 2 hosts (the local one and the remote
> one). The only difference is that instead of having a hardware connection (an
> ethernet wire), it has a software one (pipsecd). BTW, this also means that
> it needs an IP address on the network you chose as the "tunnel" network.
>
> Patrick.