From owner-freebsd-questions Mon Dec 4 13: 8:26 2000
From owner-freebsd-questions@FreeBSD.ORG Mon Dec 4 13:08:23 2000
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from oddjob.adhesivemedia.com (oddjob.adhesivemedia.com [207.202.159.77])
	by hub.freebsd.org (Postfix) with ESMTP id 97D2B37B400
	for ; Mon, 4 Dec 2000 13:08:22 -0800 (PST)
Received: from localhost (philip@localhost)
	by oddjob.adhesivemedia.com (8.9.3/8.9.3) with ESMTP id NAA97650;
	Mon, 4 Dec 2000 13:08:20 -0800 (PST)
	(envelope-from philip@adhesivemedia.com)
Date: Mon, 4 Dec 2000 13:08:20 -0800 (PST)
From: Philip Hallstrom
To: Per Tore Larsen
Cc: "'freebsd-questions@freebsd.org'"
Subject: Re: Vtund documentation
In-Reply-To: <25879E6A7E74D411B9370050043B7F3E09F7C4@fernonorden.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

(for the archive searches: vtun tunnel encrypt secure )

I've been meaning to post what I did, but never get around to it...
this is as good a time as any I guess :)

This is my network:

              ___________                                  ___________
             |           |                                |           |
    10.0.0.1- gw1 -111.111.111.111 <---> 222.222.222.222- gw2 -10.1.0.1
    (LAN)    |           | (Internet)          (Internet) |           | (LAN)
             |___________|                                |___________|
                   |                                            |
                10.2.0.1 <------------ encrypted -------------> 10.2.0.2
                (tunnel)                                        (tunnel)

On gw1, vtund.conf looks like this and is started as "vtund -s":

-----------------------------------------------------------------------------
options {
  port 5555;
  persist yes;
  timeout 60;
  ppp /usr/sbin/pppd;
  ifconfig /sbin/ifconfig;
  route /sbin/route;
  firewall /sbin/ipfw;
}

gw2 {
  passwd somesecretpassphrase;
  type tun;
  device tun0;
  proto udp;
  compress no;
  speed 0;
  encrypt yes;
  keep-alive yes;
  up {
    ifconfig "%% 10.2.0.1 10.2.0.2 netmask 255.255.255.0";
    route "add -net 10.1.0.0 -netmask 255.255.255.0 10.2.0.2";
  };
  down {
    route "delete -net 10.1.0.0";
    ifconfig "%% down";
  };
}
-----------------------------------------------------------------------------

On gw2, vtund.conf looks like this and is started as
"vtund gw2 111.111.111.111":

-----------------------------------------------------------------------------
options {
  port 5555;
  persist yes;
  timeout 60;
  ppp /usr/sbin/pppd;
  ifconfig /sbin/ifconfig;
  route /sbin/route;
  firewall /sbin/ipfw;
}

gw2 {
  passwd somesecretpassphrase;
  type tun;
  device tun0;
  proto udp;
  compress no;
  speed 0;
  encrypt yes;
  keep-alive yes;
  up {
    ifconfig "%% 10.2.0.2 10.2.0.1 netmask 255.255.255.0";
    route "add -net 10.0.0.0 -netmask 255.255.255.0 10.2.0.1";
  };
  down {
    route "delete -net 10.0.0.0";
    ifconfig "%% down";
  };
}
-----------------------------------------------------------------------------

The only other thing to do is open up your firewall to let those packets
in... something like this:

add 4000 pass tcp from any to 111.111.111.111 5555   #gw1 only
add 4000 pass udp from any to 111.111.111.111 5555   #gw1 only
add 4000 pass ip from any to any via tun0

That should do it.

-philip

On Mon, 4 Dec 2000, Per Tore Larsen wrote:

> Hi.
>
> Does anybody have any www site with documentation on the vtund port
> in the ports collections.
>
> Have searched www.freebsd.org and www.freebsddiary.org without any
> luck.
>
> Anybody?
>
> PeTe
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
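An added check for the setup described in the message above (example code written for this archive page; it is neither Philip's nor vtund's own code): a small Python parser for the vtund.conf brace syntax, followed by an audit that confirms each session has "encrypt yes" and a passwd, and that the ipfw rules cover the listening port and the tun device. The embedded sample is gw1's config and rules as posted; the finding texts and the parse/audit function names are this example's own.

```python
import re
# Added example, not from the post or from vtund: parse vtund.conf's brace
# syntax and check the settings that matter for an encrypted tunnel.
_TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')

def parse_vtund(text):
    """`key v ...;` -> {key: [v, ...]}; `name { ... }` -> {name: {...}}."""
    tokens, pos = _TOKEN.findall(re.sub(r"#.*", "", text)), 0
    def block():
        nonlocal pos
        out, stmt = {}, []
        while pos < len(tokens):
            tok, pos = tokens[pos], pos + 1
            if tok == "}":
                return out
            if tok == "{":          # nested section: options, gw2, up, down
                out[stmt[0]], stmt = block(), []
            elif tok == ";":
                if stmt:            # a bare ';' after '}' is only a terminator
                    out[stmt[0]] = [t.strip('"') for t in stmt[1:]]
                stmt = []
            else:
                stmt.append(tok)
        return out
    return block()

def audit(conf, ipfw_rules, local_ip):
    """Return findings on encryption, peer auth and firewall coverage."""
    findings, port = [], conf.get("options", {}).get("port", [None])[0]
    for name, sess in conf.items():
        if name == "options" or not isinstance(sess, dict):
            continue
        if sess.get("encrypt", [""])[0] != "yes":
            findings.append(f"{name}: encrypt is not 'yes'; payload would cross the Internet in clear")
        if not sess.get("passwd", [""])[0]:
            findings.append(f"{name}: no passwd; the peer is not authenticated")
        dev = sess.get("device", [""])[0]
        if dev and not any(f"via {dev}" in r for r in ipfw_rules):
            findings.append(f"{name}: no ipfw rule for traffic via {dev}")
    for proto in ("tcp", "udp"):  # session setup is TCP; 'proto udp' carries data
        pat = rf"pass {proto} from any to {re.escape(local_ip)} {port}(\s|$)"
        if port is None or not any(re.search(pat, r) for r in ipfw_rules):
            findings.append(f"firewall: no {proto} rule to {local_ip} port {port}")
    return findings

# Constructed sample input: gw1's vtund.conf and ipfw rules from the post.
GW1_CONF = """options { port 5555; persist yes; timeout 60; firewall /sbin/ipfw; }
gw2 { passwd somesecretpassphrase; type tun; device tun0; proto udp; encrypt yes;
      up { ifconfig "%% 10.2.0.1 10.2.0.2 netmask 255.255.255.0"; }; down { ifconfig "%% down"; }; }"""
GW1_IPFW = ["add 4000 pass tcp from any to 111.111.111.111 5555",
            "add 4000 pass udp from any to 111.111.111.111 5555", "add 4000 pass ip from any to any via tun0"]
def audit_gw1(conf=GW1_CONF):
    return audit(parse_vtund(conf), GW1_IPFW, "111.111.111.111")
```

Running audit_gw1() on the posted config returns no findings; flipping "encrypt yes" to "encrypt no", or dropping the "via tun0" rule, produces one finding each.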