Date: Fri, 21 Sep 2001 10:37:33 +0200
From: Sameh Ghane
To: Julian Elischer
Cc: net@freebsd.org
Subject: Re: IPSEC question..
Message-ID: <20010921103733.F77863@anthologeek.net>
In-Reply-To: <3BAADF3F.D48189AD@elischer.org>

On Thu, Sep 20, 2001 at 11:33:35PM -0700, Julian Elischer wrote:
> The sample docs and the daemon-news
> article get me part way started to making an encrypted
> tunnel using IPsec4 between two networks.
> However, they are really quite confusing...
>
> Is there a SIMPLE description of what all the parts do?
>
> I have a gif tunnel going, but it's not clear to me how I make this tunnel
> start encrypting the damned data.
>
> I've fiddled with several commands (e.g. setkey) but tcpdump keeps showing
> plain encapsulated packets...no encryption..

Hmm, which interface are you tcpdumping?

I chose to use gif, to encapsulate RFC1918 packets onto the Internet. Then I
use IPSec, in transport mode, to encrypt traffic (using ESP after racoon IKE),
between the two hosts with public IP addresses.

So I can see encrypted packets only on the NIC interface, not on gif0.

Cheers,

-- 
Sameh
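
Added example (not part of the original message): a Python check for the point made in the reply, that with gif plus transport-mode ESP the encrypted packets appear on the physical NIC, so bare IP-in-IP (protocol 4) between the two public hosts there means the gif traffic is leaving unencrypted. The addresses, sample packets and function names are constructed for illustration.

```python
import socket
import struct
from collections import Counter

IPPROTO_IPIP = 4    # gif(4) IPv4-in-IPv4: inner packet is readable
IPPROTO_ESP = 50    # IPsec ESP: inner packet is encrypted

def classify(packet, endpoints):
    """Label one raw IPv4 packet as captured on the physical NIC."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    if {src, dst} != set(endpoints):
        return "other-hosts"
    if packet[9] == IPPROTO_ESP:
        return "esp-encrypted"
    if packet[9] == IPPROTO_IPIP:
        return "ipip-cleartext"
    return "other-proto"

def audit(packets, endpoints):
    """Return (counts, ok); ok means ESP was seen and no bare IPIP leaked."""
    counts = Counter(classify(p, endpoints) for p in packets)
    ok = counts["esp-encrypted"] > 0 and counts["ipip-cleartext"] == 0
    return counts, ok

def ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet (checksum left 0) for the constructed samples."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

# Constructed sample data: documentation addresses stand in for the public hosts.
A, B = "192.0.2.1", "198.51.100.1"
INNER = ipv4("10.0.1.5", "10.0.2.7", 1, b"ping")   # RFC1918 traffic inside gif
ESP = ipv4(A, B, IPPROTO_ESP, bytes.fromhex("0000100100000001") + b"\x8f" * 32)
LEAK = ipv4(B, A, IPPROTO_IPIP, INNER)             # gif packet with no IPsec applied

if __name__ == "__main__":
    for name, capture in (("working", [ESP, ESP]), ("misconfigured", [ESP, LEAK])):
        counts, ok = audit(capture, (A, B))
        print(name, dict(counts), "OK" if ok else "cleartext tunnel traffic on NIC")
```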