Date: Sat, 22 Sep 2001 01:23:18 +0100
From: Brian Somers <brian@freebsd-services.com>
To: Julian Elischer <julian@elischer.org>
Cc: Brian Somers <brian@freebsd-services.com>, net@FreeBSD.ORG, brian@freebsd-services.com
Subject: Re: IPSEC question..
Message-ID: <200109220023.f8M0NIR46299@hak.lan.Awfulhak.org>
In-Reply-To: Message from Julian Elischer <julian@elischer.org> of "Fri, 21 Sep 2001 13:58:17 PDT." <Pine.BSF.4.21.0109211334120.37053-100000@InterJet.elischer.org>

> > Once you've got the gif tunnel working, say with top addresses
> > 10.0.0.1 and 10.0.0.2 and tunnel addresses 1.2.3.4 and 5.6.7.8,
> > create an /etc/ipsec.conf that says:
> >
> which are the 'top' addresses? outer or inner?
> i.e.
>
> (A)gif0:-------(B)ed0-----<net>--------ed0(C)--------gif0(D)

By ``top'' I mean the gif addresses.  By tunnel addresses I mean the
endpoint addresses.  For my examples:

gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
        tunnel inet 1.2.3.4 --> 5.6.7.8
        inet 10.0.0.1 --> 10.0.0.2 netmask 0xffffffff

> > spdadd 1.2.3.4/32 5.6.7.8/32 ip4 -P in ipsec esp/transport//require;
> > spdadd 5.6.7.8/32 1.2.3.4/32 ip4 -P out ipsec esp/transport//require;
> >
>
> ip4?
> I need to run this on 4.1.1 machines.

You're really better off applying the one-line fix to token.l to
support the ip4 syntax.  It removes many problems - especially if you
intend to run NAT on your machines.

You should have the kernel support in 4.1.1.

-- 
Brian <brian@freebsd-services.com>                <brian@Awfulhak.org>
      http://www.freebsd-services.com/        <brian@[uk.]FreeBSD.org>
Don't _EVER_ lose your sense of humour !      <brian@[uk.]OpenBSD.org>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
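
An added example, not part of the original message: a small checker for an /etc/ipsec.conf protecting a gif tunnel, which goes beyond the two quoted lines by testing a policy pair against either tunnel endpoint. A policy whose in/out label does not fit the host it is loaded on never matches, so the encapsulated traffic leaves unencrypted. The function names are hypothetical; the sample policies are the two spdadd lines quoted in the message.

```python
import re

# One setkey(8) spdadd statement in the form used in the message:
#   spdadd SRC/len DST/len PROTO -P DIR ipsec esp/transport//LEVEL;
SPD_RE = re.compile(
    r"spdadd\s+(?P<src>[\d.]+)/\d+\s+(?P<dst>[\d.]+)/\d+\s+(?P<proto>\S+)\s+"
    r"-P\s+(?P<dir>in|out)\s+ipsec\s+(?P<sec>esp|ah)/(?P<mode>transport|tunnel)/"
    r"(?P<ends>[^/]*)/(?P<level>\w+)\s*;"
)

# The two policy lines quoted in the message, copied as given there.
QUOTED = """
spdadd 1.2.3.4/32 5.6.7.8/32 ip4 -P in ipsec esp/transport//require;
spdadd 5.6.7.8/32 1.2.3.4/32 ip4 -P out ipsec esp/transport//require;
"""


def parse_policies(text):
    """Return one dict per spdadd statement found in text."""
    return [m.groupdict() for m in SPD_RE.finditer(text)]


def check_gif_policies(text, local, remote):
    """List problems for the host whose gif tunnel endpoint is `local`."""
    problems = []
    covered = set()
    for p in parse_policies(text):
        if {p["src"], p["dst"]} != {local, remote}:
            continue  # policy for some other pair of hosts
        flow = f"{p['src']}->{p['dst']}"
        # On this host, packets with src == local leave; the others arrive.
        expected = "out" if p["src"] == local else "in"
        covered.add(expected)
        if p["dir"] != expected:
            problems.append(f"{flow}: labelled {p['dir']}, but is {expected} on {local}")
        if p["proto"] != "ip4":  # gif carries IPv4 as IP protocol 4
            problems.append(f"{flow}: selects {p['proto']}, not ip4")
        if p["level"] != "require":
            problems.append(f"{flow}: level {p['level']} permits cleartext fallback")
    for direction in ("in", "out"):
        if direction not in covered:
            problems.append(f"no policy covers {direction}bound tunnel traffic")
    return problems


if __name__ == "__main__":
    for host, peer in (("5.6.7.8", "1.2.3.4"), ("1.2.3.4", "5.6.7.8")):
        print(host, check_gif_policies(QUOTED, host, peer) or "ok")
```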