From: tradigan@newrevolutions.net
To: freebsd-questions@freebsd.org
Date: Thu, 30 Jun 2005 11:00:28 -0400
Subject: VPN Tunnel
Message-Id: <200506301100.28371.tradigan@newrevolutions.net>

Hey everyone..

I'm having some problems getting a VPN tunnel working between two sites. Currently I am just trying to establish a tunnel and worry about the encryption after the tunnel is up and functional; however, I cannot even get the tunnel established.
I have followed the directions from the FreeBSD handbook but had no luck. Here is my scenario:

Network 1:
    FreeBSD Internal IP: 192.168.20.13
    FreeBSD External IP: 12.34.56.78

Network 2:
    FreeBSD Internal IP: 192.168.15.2
    FreeBSD External IP: 87.65.43.21

On the Network 1 box, I configured the gif0 interface as follows:

    root@freebsd# ifconfig gif0 create
    root@freebsd# ifconfig gif0 tunnel 12.34.56.78 87.65.43.21
    root@freebsd# ifconfig gif0 inet 192.168.20.13 192.168.15.2 netmask 255.255.255.255

For IPFilter, I have the following rules at the TOP of the script:

    pass in quick from 87.65.43.21 to any on xl0
    pass in quick on gif0 all
    pass out quick on gif0 all

On the Network 2 box, I configured the gif0 interface as follows:

    root@host# ifconfig gif0 create
    root@host# ifconfig gif0 tunnel 87.65.43.21 12.34.56.78
    root@host# ifconfig gif0 inet 192.168.15.2 192.168.20.13 netmask 255.255.255.255

For IPFilter, I have the following rules at the TOP of the script:

    pass in quick from 12.34.56.78 to any on xl0
    pass in quick on gif0 all
    pass out quick on gif0 all

After I have created both gif0 interfaces on each of the boxes, the FreeBSD handbook says I should be able to ping the private IP of the other BSD machine. When I ping from Network 1, I don't get any type of response, just 100% failed sent packets. When I ping from Network 2, I get a 'No route to host' message as well as 100% failed sent packets.

I have been at this for 2 days now and I'm really starting to get frustrated. Am I missing something here? Any help would be appreciated.

--Tim
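An added example, not part of Tim's post or of the FreeBSD handbook: a small POSIX sh helper that renders the rc.conf and ipf.conf fragments for one end of a gif(4) tunnel from the addresses quoted above, and checks that the two ends mirror each other (each side's remote must be the other side's local). It assumes the external interface is xl0, that the tunnel's outer packets are IP-in-IP (protocol 4, named ipencap in /etc/protocols), and uses a constructed remote network of 192.168.15.0/24.

```shell
#!/bin/sh
# Example helper (not from the post): generate one tunnel end's config.
# Tested offline: it only prints text, it does not touch any interface.

# gif_rc_conf LOCAL_EXT REMOTE_EXT LOCAL_INT REMOTE_INT REMOTE_NET
# rc.conf knobs so the tunnel survives a reboot (gif_interfaces,
# gifconfig_gif0, ifconfig_gif0 are the historical FreeBSD names).
gif_rc_conf() {
    cat <<EOF
gif_interfaces="gif0"
gifconfig_gif0="$1 $2"
ifconfig_gif0="inet $3 $4 netmask 255.255.255.255"
static_routes="vpn"
route_vpn="-net $5 $4"
EOF
}

# gif_ipf_rules EXT_IF LOCAL_EXT REMOTE_EXT
# In ipf syntax the "on <if>" clause precedes "from ... to ...".
# The outer packets are IP-in-IP (ipencap); admit them only between the
# two endpoint addresses, in both directions, then pass inner traffic.
# gif(4) alone carries that inner traffic in the clear; the peer match
# only limits who may inject outer packets, it does not authenticate them.
gif_ipf_rules() {
    cat <<EOF
pass in quick on $1 proto ipencap from $3 to $2
pass out quick on $1 proto ipencap from $2 to $3
pass in quick on gif0 all
pass out quick on gif0 all
EOF
}

# tunnel_symmetric "A_LOCAL A_REMOTE" "B_LOCAL B_REMOTE"
# Succeeds only when A's remote is B's local and vice versa, the check
# to run before blaming the firewall for a tunnel that never comes up.
tunnel_symmetric() {
    set -- $1 $2
    [ "$1" = "$4" ] && [ "$2" = "$3" ]
}

# Site 1 from the post (constructed remote network); site 2 swaps the args.
gif_rc_conf 12.34.56.78 87.65.43.21 192.168.20.13 192.168.15.2 192.168.15.0/24
gif_ipf_rules xl0 12.34.56.78 87.65.43.21
```

Run it once per site with the argument order reversed and diff the two outputs against each box's rc.conf and ipf.conf.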