From: "Oldach, Helge"
To: hilman firmansyah, freebsd-net@freebsd.org
Date: Wed, 27 Aug 2003 08:40:27 +0200
Subject: RE: Gif IPTunnel networkA-to-networkB not work
List-Id: Networking and TCP/IP with FreeBSD

> From: hilman firmansyah [mailto:hilman@nap.net.id]
> NB: I still don't touch the IPSEC and encrypted section,
> since in the fbsd handbooks said to make an encrypted section I must have the 2 networks
> connected. Is this right?

You must have the networks connected (on the public side), but when using IPSec your gif tunnel won't really be used. It is just sort of a "placeholder" to get the routing correct. I am using a similar setup to yours (FreeBSD talking IPSec with a Cisco router) using the GIF tunnel pointing to a bogus remote address. You could essentially achieve the same without GIF using static ARP entries, claiming that the MAC address of your machine's default gateway has the tunnel destination IP.

Helge