From: jhall@socket.net
To: freebsd-questions@freebsd.org
Date: Thu, 19 May 2011 07:15:28 -0500
Subject: IPSec with Public IP Addresses only
Message-Id: <20110519122948.E7ED0106566B@hub.freebsd.org>

Ladies and Gentlemen,

I am attempting to connect a FreeBSD server, 8.1-RELEASE, to a Juniper J2320 router running the JUNOS operating system.

The Juniper router I am connecting to has a public IP address of 1.2.3.4. The provider has not given me a private IP address and has stated it is not needed.

The FreeBSD server has a public IP address of 2.3.4.5 and a private IP address of 6.7.8.9.

I am able to create the gif tunnel without any problem. However, the provider I am connecting to has told me there is not a private IP address available for the creation of the private IP tunnel. I will be connecting to private addresses in the 5.6.7.0/24 range on the provider's server.

Here is the output of the ifconfig command.

    gif0: flags=8050 metric 0 mtu 1280
            tunnel inet 2.3.4.5 --> 1.2.3.4
            options=1

Following are the relevant route table entries.

    1.2.3.4/32    2.3.4.5    US     1    798    bge1
    5.6.7.0/24    1.2.3.4    UGS    2    192    bge1

Is it possible to connect to the private address on the provider's server without a private IP address? I have done this before, but I have always had private IP addresses as well.

I do not have racoon running yet. Could this make a difference?

Thanks for your help.

Jay Hall