Date: Wed, 17 Apr 2013 21:05:47 +0200
From: Matthieu Volat
To: freebsd-stable@freebsd.org
Subject: Re: IKEv2/IPSEC "Road Warrior" VPN Tunneling?
Message-Id: <20130417210547.11b60339db0d7c67a52c1284@alkumuna.eu>
In-Reply-To: <516739C9.4080902@denninger.net>

On Thu, 11 Apr 2013 17:31:37 -0500
Karl Denninger wrote:

> Is there a "cookbook" for setting this up? There are examples for
> setting up a tunnel between two fixed-address networks (e.g. a remote
> LAN that needs to be "integrated" with a central LAN over IPSec but I
> can't find anything addressing the other situation -- remote user(s)
> where the connecting IPs are not known in advance, such as a person with
> a laptop or smartphone in a random hotel.
>
> (And is there a better list for this in the freebsd-* paradigm for the
> question?)
>

Sorry for answering this late,

As mentioned in another answer, you can start with the roadwarrior
server/client configuration in ipsec-tools examples. To work with
FreeBSD, the phase1-up.sh and phase1-down.sh scripts must be customized.

I've attached both scripts, tell me if it does not work, I'll upload
them somewhere (maybe propose them for inclusion in the port tree?)

--
Matthieu Volat