Date: Thu, 23 Sep 2004 14:45:14 +0200
From: Paul Schenkeveld
To: net@freebsd.org
Subject: Re: question on tunnels (VPN)
Message-ID: <20040923124514.GA99929@psconsult.nl>
In-Reply-To: <200409221617.59860.miha@ghuug.org>
References: <200409221617.59860.miha@ghuug.org>
List-Id: Networking and TCP/IP with FreeBSD

On Wed, Sep 22, 2004 at 04:17:59PM +0000, Mikhail P. wrote:
> Dear users,
>
> I have been experimenting with simple gif tunnels (no IPSec) in local network
> (192.168.0.0/24).
> I have used the following scenario between two hosts (both
> running FreeBSD-5.2.1):
>
> HOST_A [192.168.0.1]:
> ifconfig gif0 create
> ifconfig gif0 tunnel 192.168.0.1 192.168.0.2
> ifconfig gif0 10.0.0.1 10.0.0.2 netmask 255.255.255.255
>
> and on -
>
> HOST_B [192.168.0.2]:
> ifconfig gif0 create
> ifconfig gif0 tunnel 192.168.0.2 192.168.0.1
> ifconfig gif0 10.0.0.2 10.0.0.1 netmask 255.255.255.255
>
> The above works well for me, and I can send traffic on 10.0.0.1 and 10.0.0.2.
>
> The next thing I wanted to implement is to create a similar tunnel from our
> local router (which is FreeBSD too) to a remote server, however there is a small
> problem which stops me - the router has no public IP, and it sees the internet
> through a DSL router, so basically that router is NAT'ed behind the DSL router.
> As far as I understand, it appears that I won't be able to create such a
> simple tunnel unless my router gets a public IP address.
>
> What I tried next was an MPD pptp link (which is known to work behind NAT, unlike
> the above example), but something (ISP? DSL router?) cuts GRE packets on their
> way, so MPD can't establish an LCP connection with the remote host.
>
> I'm now at a loss as to what to try next - could someone please advise what
> other techniques will work in my scenario (where I want to connect a machine
> which is behind NAT and no GRE packets will go through)?

Have a look at /usr/ports/net/vtun. It allows you to create tunnels over
virtually any transport you can find including TCP and UDP (but also raw
IP, serial lines, ssh tunnels ...). Tunnel endpoints are tunN devices. It
has built-in encryption (openssl) and compression (lzo, zlib) and even a
traffic shaper.

> regards,
> M.

HTH

Paul Schenkeveld, Consultant
PSconsult ICT Services BV
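As an added example (not part of Paul's reply and not a configuration shipped by the vtun project): a vtund.conf pair for the scenario above, where the NAT'ed FreeBSD router is the vtun client and opens an outbound TCP connection to the public server, so neither GRE nor any inbound port has to pass the DSL router. The session name `natrouter`, the port, the password and the 10.0.0.x addresses are assumed placeholders mirroring the gif example.

```conf
# ---- /usr/local/etc/vtund.conf on the PUBLIC SERVER (assumed) ----
options {
    port 5000;                  # TCP port the server listens on (placeholder)
    ifconfig /sbin/ifconfig;    # FreeBSD path to ifconfig
}

default {
    type     tun;               # tunN endpoint, same role as gif0 above
    proto    tcp;               # plain TCP, not GRE, so it survives the NAT
    encrypt  yes;               # vtun's built-in OpenSSL encryption
    compress lzo:9;             # LZO compression, level 9
    keepalive yes;              # detect a dead link and tear the tunnel down
}

natrouter {
    passwd  CHANGE_ME;          # placeholder shared secret, same on both ends
    up {
        # server side of the point-to-point link: 10.0.0.1 <-> 10.0.0.2
        ifconfig "%% 10.0.0.1 10.0.0.2 netmask 255.255.255.255 up";
    };
    down {
        ifconfig "%% down";
    };
}

# ---- /usr/local/etc/vtund.conf on the NAT'ED ROUTER (client, assumed) ----
# options/default sections identical to the server's, plus:
#   persist yes;   in "default", so the client reconnects when the DSL link drops
#
# natrouter {
#     passwd  CHANGE_ME;
#     up {
#         # client side: local 10.0.0.2, remote 10.0.0.1
#         ifconfig "%% 10.0.0.2 10.0.0.1 netmask 255.255.255.255 up";
#     };
#     down {
#         ifconfig "%% down";
#     };
# }
```

Start the server with `vtund -s` and the client with `vtund natrouter <server-address>`; because the client initiates the TCP session outbound, the DSL router's NAT handles it like any other outgoing connection, and the only thing the server exposes is the single vtund port.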