From owner-freebsd-questions Fri Mar 17 14:14: 3 2000 Delivered-To: freebsd-questions@freebsd.org Received: from horst.bfd.com (horst.bfd.com [12.9.219.10]) by hub.freebsd.org (Postfix) with ESMTP id 62C7D37B6AC for ; Fri, 17 Mar 2000 14:14:01 -0800 (PST) (envelope-from ejs@bfd.com) Received: from HARLIE.bfd.com (bastion.bfd.com [12.9.219.14]) by horst.bfd.com (8.10.0/8.10.0) with ESMTP id e2HMDtv87344; Fri, 17 Mar 2000 14:13:55 -0800 (PST) Date: Fri, 17 Mar 2000 14:13:55 -0800 (PST) From: "Eric J. Schwertfeger" To: Mike Tancsa Cc: questions@FreeBSD.ORG Subject: Re: ipsec, gif tunneling etc... In-Reply-To: <3.0.5.32.20000317164753.00bcda60@marble.sentex.ca> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Fri, 17 Mar 2000, Mike Tancsa wrote: > > Apart from the KAME page, and the ipsec man page, and the > /usr/share/examples/IPv6 docs, does anyone have any other handy dandy > documentation ? > > I am trying to setup an IPv4 ipsec tunnel between two hosts and am not > having much luck :-( > > On machine A, I have lets say 172.1.1.1 and on machine B 10.10.10.1, > assigned to the ethernet adaptors on the respective machines. Its not > clear to me when its stated > > Use "gifconfig" to assign physical (outer) source and destination address > to gif interfaces." > > Any pointers (additional references) would be much appricated. Actually, they warn against using gif devices to tunnel IPv4 over IPv4. The normal method to tunnel that way is with tunnel-mode ESP, which is just a matter of setting up the various rules using the setkey command. I'd recommend searching the KAME mail archives. My knowledge is a little out of date, and I think they changed the way you set up SPD's since the last time I worked with KAME. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message