Date: Sat, 2 Mar 2002 20:13:39 -0500
From: "John Hines" <bigjohn_101@hotmail.com>
To: <freebsd-security@freebsd.org>
Subject: trying to set up PGPNet
Message-ID: <OE49MsUo27AzAtzkv2w000097d0@hotmail.com>

Hello,

I'm looking for help/documentation to set up a remote VPN client (PGPNet) to connect to my internal network behind a FreeBSD fw. I've been able to set up a VPN between two FreeBSD firewalls, but I'm unable to find any docs on how to have a remote PC connect to my internal nets using PGPNet.

I assume the setup for PGPNet would be similar to setting up a VPN between two FreeBSD firewalls. This is my current network topology:

                                      External Interface
                                           X.X.X.X
                                              |
     +--> Remote PC <--> Internet <--> FreeBSD GW
     |                                        |
    Cable Modem  Y.Y.Y.Y                192.168.1.0/24
    Win98 box                           Internal Nets

I'm assuming that I need to add a line to my psk.txt file with the IP Y.Y.Y.Y and a password abc123. I'm also assuming that my racoon.conf file will not need to change. Would this be the correct way to set up my kame-bsd.sh script to run the setkey tool?

    #!/bin/sh
    #
    # IP addresses
    #
    #      External Interface              External Interface
    #           1.2.3.4                         5.6.7.8
    #              |                               |
    #   +--> Firewall-1 <--> Internet <--> FreeBSD GW <--+
    #   |                                                |
    #  172.16.1.0/24                              192.168.0.0/24
    #  FW-1 Protected Nets                        Internal Nets
    #
    setkey -FP
    setkey -F
    # Configure the Policy
    setkey -c << END
    spdadd 192.168.1.0/24 Y.Y.Y.Y/32 any -P out ipsec
    esp/tunnel/X.X.X.X-Y.Y.Y.Y/require;
    spdadd Y.Y.Y.Y 192.168.1.0/24 any -P in ipsec
    esp/tunnel/Y.Y.Y.Y-X.X.X.X;

Also, would this be the correct way to add the gif tunnel?

    ifconfig gif0 create
    gifconfig gif0 inet X.X.X.X Y.Y.Y.Y
    ifconfig gif0 inet 192.168.1.1 Y.Y.Y.Y 255.255.255.0

Is there anything I missed?

Thanks in advance,

John Hines
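
An added example, not part of the original message: a small sh/awk lint that reads the body of a `setkey -c` here-document and checks that each outbound tunnel policy has a mirrored inbound policy with the same level. It assumes IPv4 selectors, treats a selector without a prefix length as a single host, and uses constructed documentation addresses (192.0.2.1 for the gateway, 198.51.100.7 for the remote PC) in place of X.X.X.X and Y.Y.Y.Y; the function name `check_spd_pairs` is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original message): lint setkey(8) spdadd
# statements so every "out" tunnel policy has a mirrored "in" policy.
# Assumption: IPv4 only; a selector without /prefixlen is one host (/32).

check_spd_pairs() {
    # setkey statements end at ";" and may span lines: put one per line.
    tr '\n' ' ' | tr ';' '\n' | awk '
    function host(a) { return (a ~ /\//) ? a : a "/32" }
    $1 == "spdadd" {
        dir = ""; req = ""
        for (i = 4; i <= NF; i++) {
            if ($i == "-P") dir = $(i + 1)
            if ($i ~ /^(esp|ah|ipcomp)\//) req = $i
        }
        n = split(req, f, "/")            # protocol/mode/src-dst[/level]
        split(f[3], ep, "-")              # tunnel endpoints src-dst
        if (f[2] != "tunnel" || (dir != "in" && dir != "out")) next
        key = host($2) " " host($3) " " ep[1] " " ep[2]
        mirror[dir, key] = host($3) " " host($2) " " ep[2] " " ep[1]
        level[dir, key] = (n >= 4) ? f[4] : "(none)"
        if (dir == "out") out[++nout] = key
    }
    END {
        for (k = 1; k <= nout; k++) {
            o = out[k]; m = mirror["out", o]
            if (!(("in", m) in level)) {
                print "MISSING in-policy for: " o; bad++
            } else if (level["in", m] != level["out", o]) {
                print "LEVEL out=" level["out", o] " in=" level["in", m] ": " o; bad++
            }
        }
        if (!bad) print "OK"
    }'
}

# Constructed sample with the same shape as the policy in the message.
check_spd_pairs <<'EOF'
spdadd 192.168.1.0/24 198.51.100.7/32 any -P out ipsec
esp/tunnel/192.0.2.1-198.51.100.7/require;
spdadd 198.51.100.7 192.168.1.0/24 any -P in ipsec
esp/tunnel/198.51.100.7-192.0.2.1;
EOF
```

On the constructed sample the selectors and tunnel endpoints mirror correctly, and the lint reports only that the two directions carry different levels.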