Date:      Tue, 18 Jun 2002 08:00:10 -0700
From:      Lars Eggert <larse@ISI.EDU>
To:        "Louis A. Mamakos" <louie@TransSys.COM>
Cc:        Christophe Prevotaux <c.prevotaux@hexanet.fr>, net@FreeBSD.ORG
Subject:   Re: IPIP (kind of) with Payload Encryption only
Message-ID:  <3D0F4AFA.3000908@isi.edu>
References:  <20020618153956.2a9352fa.c.prevotaux@hexanet.fr> <200206181352.g5IDqqnq047326@whizzo.transsys.com>

Louis A. Mamakos wrote:
>>
>>Could someone tell me if there is a way to build a VPN(like) tunnel from
>>a FreeBSD machine acting as a VPN gateway to another machine acting as
>>another VPN gateway using normal IP packets that have only their data
>>payload encrypted. Of course there would have to be a way to set up the
>>tunnel and still retain the network addressing of each side of the VPN
> 
> 
> Look at vtun in /usr/ports/net/vtun to see if this can address your
> problem.  I use it over a (cable modem) network that seems to 
> filter IPSEC traffic.

Too bad you can't use IPsec, this seems like the perfect scenario for it.

I've also used vtun in such a scenario, and can second that it'll work 
UNLESS you need your tunnel to go through a NAT box - vtun uses the 
client's IP address during its authentication handshake (which is dumb, 
since stronger shared secrets need be in place anyway.)

Archie's daemonnews article has an example of how to do UDP tunneling 
with netgraph, which nets about a 2x performance improvement over vtun 
(without encryption, haven't figured out how to tie in ng_mppc).

Lars
-- 
Lars Eggert <larse@isi.edu>           USC Information Sciences Institute
