From: ahb@ahb.net
To: freebsd-security@freebsd.org
Date: Fri, 30 Aug 2002 23:50:09 +0200
Subject: Cisco <-> FreeBSD / Kame / Racoon IPsec Interoperability
Message-ID: <3D7004B1.4052.750D3BD@localhost>

Hi !

Perhaps a bit off topic on this list, but perhaps one of you guys has an answer to the following question.

I have two sites. One is running a Cisco router and the second has a FreeBSD box with a DSL dialup line. Behind both boxes is a LAN that I would like to connect together with an IPsec tunnel.
The Cisco router is not under my control, and perhaps everything would be fine if the Cisco router did not assign the unencrypted end of the tunnel from a pool of a class "C" network. So I have basically the following configuration:

    10.1/16         Private LAN "A"
       |
    FreeBSD box
       |
    Some dynamic IP from the dialup provider
       |
    Internet
       |
    1.2.3.4         Fixed IP on the public end of the Cisco
       |
    Cisco
       |
    10.2.1/24       dynamically assigned IP
       |
    Some other firewall stuff here and the LAN behind it

The configuration is normally used as a dialin pool for home office PCs, but there are some guys who have a working dialup LAN in their home office rather than a single PC.

So setting up the public side of the gif interface is a piece of cake. The dynamic IP is assigned during the setup of the IPsec connection. What I could not find out until now is how to set up the private part of the gif interface. Usually one would have to use:

    ifconfig netmask

But since the dest-priv address is assigned during the tunnel setup, I could not figure out how to configure the private destination address. Also it would be a question how the setkey parameters for the spdadd have to be, as I would need this destination address there as well.

So if someone has this kind of setup in use, could you please send me the scripts? Or if someone has an idea where to start searching, this would be nice as well. I have been searching the internet for nearly two days now, but I could not find an answer for this.

I forgot to mention that the FreeBSD box is running 4.2. If this is too old, it would not hurt to upgrade it to some newer version.

Thanks in advance
Achim
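An added example, not from the post or from any list reply, showing how the gif and spdadd configuration the question asks about can be generated once the inner address handed out by the Cisco is known. It assumes that address has already been learned (how the IKE daemon exposes it is outside what the post covers) and is passed in as a parameter, that the tunnel uses the KAME gif-over-IPsec layout in which the SPD protects the ipencap traffic between the two public endpoints, and that `gif0`, the helper names and every address except the post's 1.2.3.4 are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Builds the commands that bring up
# the gif tunnel and the IPsec SPD once the inner address assigned by the Cisco
# is known. All addresses except 1.2.3.4 (from the post) are constructed.

# Return 0 if $1 is an IPv4 dotted quad, 1 otherwise (rejects "10.2.1", "x" ...).
is_ipv4() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# $1 local public IP (dialup side), $2 Cisco public IP, $3 local gif address,
# $4 inner address assigned by the Cisco, $5 remote prefix routed via the tunnel.
tunnel_config() {
    for addr in "$1" "$2" "$3" "$4"; do
        is_ipv4 "$addr" || { echo "not an IPv4 address: $addr" >&2; return 1; }
    done
    cat <<EOF
# outer endpoints (4.x uses gifconfig; later releases: ifconfig gif0 tunnel $1 $2)
gifconfig gif0 $1 $2
# inner point-to-point addresses: the destination is the address the Cisco assigned
ifconfig gif0 $3 $4 netmask 255.255.255.255
route add -net $5 $4
# SPD: require ESP in tunnel mode for the gif (ipencap) traffic between the public ends
setkey -c <<SPD
spdflush;
spdadd $1/32 $2/32 ipencap -P out ipsec esp/tunnel/$1-$2/require;
spdadd $2/32 $1/32 ipencap -P in ipsec esp/tunnel/$2-$1/require;
SPD
EOF
}

# Demo with constructed values: sh this-script --demo
if [ "${1:-}" = "--demo" ]; then
    tunnel_config 192.0.2.10 1.2.3.4 10.1.0.1 10.2.1.7 10.2.1.0/24
fi
```

In this layout the assigned address only enters the gif and route configuration, not the spdadd selectors; a peer that expects plain tunnel mode with the private networks as selectors would need those prefixes in the spdadd lines instead of ipencap.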