From owner-freebsd-questions@FreeBSD.ORG Mon Jun 2 16:43:21 2008
Date: Mon, 2 Jun 2008 09:41:53 -0700
From: "Kurt Buff"
To: alexus
In-Reply-To: <6ae50c2d0806020913v2c7665b8nc3673e30cb8627cc@mail.gmail.com>
References:
 <6ae50c2d0805311649p14863af3y43af39fb4aa2cc8a@mail.gmail.com>
 <6ae50c2d0806020913v2c7665b8nc3673e30cb8627cc@mail.gmail.com>
Cc: "freebsd-questions@freebsd.org"
Subject: Re: VPN (IPSEC)
List-Id: User questions

On Mon, Jun 2, 2008 at 9:13 AM, alexus wrote:
> anyone?
>
>
> On Sat, May 31, 2008 at 7:49 PM, alexus wrote:
>> Hello,
>>
>> I'm trying to establish a VPN tunnel over the internet. I read
>> http://www.freebsd.org/doc/en/books/handbook/ipsec.html on how to set
>> it up, and I'm somewhat struggling with whether my setup will work at all.
>>
>> I have box #1 that has 1 primary IP, which is a private IP, but in front
>> of my box I have a device that translates a public IP address into a
>> private IP, so "technically" it's a public IP, not a private one, yet the
>> system sees it as private. My box #2 has an interface with a real public IP
>> and another interface with a private IP. I created a GIF0 interface, yet I
>> can't ping the private range on the other box.
>>
>>
>> box#1
>>
>> fxp0: flags=8843 metric 0 mtu 1500
>>         options=8
>>         ether 00:0f:fe:aa:f4:61
>>         inet 192.168.1.251 netmask 0xffffff00 broadcast 192.168.1.255
>>         inet 172.16.172.16 netmask 0xffffffff broadcast 172.16.172.16
>>         media: Ethernet autoselect (100baseTX )
>>         status: active
>> plip0: flags=108810 metric 0 mtu 1500
>> lo0: flags=8049 metric 0 mtu 16384
>>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
>>         inet6 ::1 prefixlen 128
>>         inet 127.0.0.1 netmask 0xff000000
>> gif0: flags=8051 metric 0 mtu 1280
>>         tunnel inet 38.96.123.42 --> 74.2.252.194
>>         inet 192.168.1.251 --> 192.168.2.252 netmask 0xffffffff
>> alexus@jot ~ 503$ netstat -rn | grep gif0
>> 192.168.2.252 192.168.1.251 UH 0 15 gif0
>> alexus@jot ~ 504$
>>
>> box#2
>>
>> su-3.2# ifconfig
>> dc0: flags=8943 metric
>> 0 mtu 1500
>>         options=8
>>         ether 00:1a:70:10:e3:89
>>         inet 74.2.252.194 netmask 0xfffffff8 broadcast 74.2.252.199
>>         media: Ethernet autoselect (100baseTX)
>>         status: active
>> fxp0: flags=8843 metric 0 mtu 1500
>>         options=8
>>         ether 00:13:20:09:53:31
>>         inet 192.168.2.252 netmask 0xffffff00 broadcast 192.168.2.255
>>         media: Ethernet autoselect (100baseTX )
>>         status: active
>> lo0: flags=8049 metric 0 mtu 16384
>>         inet 127.0.0.1 netmask 0xff000000
>> gif0: flags=8051 metric 0 mtu 1280
>>         tunnel inet 74.2.252.194 --> 38.96.132.42
>>         inet 192.168.2.252 --> 192.168.1.251 netmask 0xffffffff
>> su-3.2# netstat -rn | grep gif0
>> 192.168.1.251 192.168.2.252 UH 0 602 gif0
>> su-3.2#
>>
>>
>> any suggestions are welcome, thanks!
>> --
>> http://alexus.org/

google for "ipsec nat traversal freebsd"
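
Added example, not part of the original thread and not written by either poster: a Python consistency check run over the gif0 output quoted above. It compares the outer tunnel endpoints of the two boxes and tests whether each outer source address is assigned to a local interface, which is where the address translation in front of box#1 shows up. The function names `parse` and `check` are hypothetical, and the sample text is excerpted from the post with the ether, media and options lines left out.

```python
import re

# Excerpts of the ifconfig output quoted in the post (addresses exactly as posted;
# indentation restored, ether/media/options lines omitted).
BOX1 = """\
fxp0: flags=8843 metric 0 mtu 1500
        inet 192.168.1.251 netmask 0xffffff00 broadcast 192.168.1.255
        inet 172.16.172.16 netmask 0xffffffff broadcast 172.16.172.16
gif0: flags=8051 metric 0 mtu 1280
        tunnel inet 38.96.123.42 --> 74.2.252.194
        inet 192.168.1.251 --> 192.168.2.252 netmask 0xffffffff
"""
BOX2 = """\
dc0: flags=8943 metric 0 mtu 1500
        inet 74.2.252.194 netmask 0xfffffff8 broadcast 74.2.252.199
fxp0: flags=8843 metric 0 mtu 1500
        inet 192.168.2.252 netmask 0xffffff00 broadcast 192.168.2.255
gif0: flags=8051 metric 0 mtu 1280
        tunnel inet 74.2.252.194 --> 38.96.132.42
        inet 192.168.2.252 --> 192.168.1.251 netmask 0xffffffff
"""

def parse(text):
    """Return (IPv4 addresses on non-gif interfaces, gif outer (src, dst))."""
    local, tunnel, iface = set(), None, ""
    for line in text.splitlines():
        if m := re.match(r"(\w+): flags=", line):
            iface = m.group(1)                      # start of a new interface block
        elif m := re.match(r"\s+tunnel inet (\S+) --> (\S+)", line):
            tunnel = (m.group(1), m.group(2))       # outer endpoints of the tunnel
        elif (m := re.match(r"\s+inet (\S+)", line)) and not iface.startswith("gif"):
            local.add(m.group(1))                   # address bound to a real interface
    return local, tunnel

def check(a, b):
    """List inconsistencies between the two ends of one gif tunnel."""
    findings = []
    for name, (local, (src, dst)), (_, (psrc, _)) in (("box#1", a, b), ("box#2", b, a)):
        if dst != psrc:
            findings.append(f"{name}: outer destination {dst} is not the peer's outer source {psrc}")
        if src not in local:
            findings.append(f"{name}: outer source {src} is not assigned to a local interface")
    return findings

if __name__ == "__main__":
    for finding in check(parse(BOX1), parse(BOX2)):
        print(finding)
```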