From owner-freebsd-security Sat Mar 2 17:14:35 2002
Delivered-To: freebsd-security@freebsd.org
From: "John Hines"
Subject: trying to set up PGPNet
Date: Sat, 2 Mar 2002 20:13:39 -0500
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
Sender: owner-freebsd-security@FreeBSD.ORG

Hello,

I'm looking for help/documentation to set up a remote VPN client (PGPNet) to connect to my internal network behind a FreeBSD firewall. I've been able to set up a VPN between two FreeBSD firewalls, but I'm unable to find any docs on how to have a remote PC connect to my internal nets using PGPNet.

I assume the setup for PGPNet would be similar to setting up a VPN between two FreeBSD firewalls. This is my current network topology:

                                          External Interface
                                               X.X.X.X
                                                  |
          +--> Remote PC <--> Internet <--> FreeBSD GW
          |                                       |
     Cable Modem                            192.168.1.0/24
       Y.Y.Y.Y                               Internal Nets
      Win98 box

I'm assuming that I need to add a line to my psk.txt file with the IP Y.Y.Y.Y and a password abc123. I'm also assuming that my racoon.conf file will not need to change. Would this be the correct way to set up my kame-bsd.sh script to run the setkey tool?

    #!/bin/sh
    #
    # IP addresses
    #
    #                            External Interface
    #                                 X.X.X.X
    #                                    |
    #     +--> Remote PC <--> Internet <--> FreeBSD GW
    #     |                                  |
    #  Y.Y.Y.Y                         192.168.1.0/24
    #  Win98 box (PGPNet)              Internal Nets
    #
    # Flush the existing policies (SPD) and security associations (SAD)
    setkey -FP
    setkey -F
    # Configure the policy: ESP in tunnel mode between the gateway's
    # external address and the remote PC, required in both directions
    # (without the require level on the inbound policy, cleartext
    # packets matching that selector could still be accepted)
    setkey -c << END
    spdadd 192.168.1.0/24 Y.Y.Y.Y/32 any -P out ipsec
        esp/tunnel/X.X.X.X-Y.Y.Y.Y/require;
    spdadd Y.Y.Y.Y/32 192.168.1.0/24 any -P in ipsec
        esp/tunnel/Y.Y.Y.Y-X.X.X.X/require;
    END

Also, would this be the correct way to add the gif tunnel?

    ifconfig gif0 create
    # outer (public) addresses of the tunnel
    gifconfig gif0 inet X.X.X.X Y.Y.Y.Y
    # inner addresses; the netmask keyword is needed, otherwise ifconfig
    # takes the third address as a second destination address
    ifconfig gif0 inet 192.168.1.1 Y.Y.Y.Y netmask 255.255.255.0

Is there anything I missed?

Thanks in advance,

John Hines
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
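As an added example (my own script, not the poster's kame-bsd.sh and not code from the KAME or racoon projects), the following POSIX sh script generates the two setkey(8) policy entries and the psk.txt line for the topology in the message above, and checks two things that commonly go wrong: that both directions of the policy carry the require level, and that the pre-shared key file is mode 0600, since racoon refuses a key file readable by group or others. The variable names GW_EXT, CLIENT and INTERNAL_NET, the helper functions, and the placeholder addresses are this example's own; it only hands the generated policy to setkey when that binary is actually present.

```shell
#!/bin/sh
# Added example: generate and sanity-check the KAME IPsec pieces for one
# remote client behind a FreeBSD gateway. Not the poster's script.
# Placeholder addresses follow the post (X.X.X.X gateway, Y.Y.Y.Y client)
# and can be overridden from the environment.

GW_EXT="${GW_EXT:-X.X.X.X}"                      # gateway external address
CLIENT="${CLIENT:-Y.Y.Y.Y}"                      # remote PC public address
INTERNAL_NET="${INTERNAL_NET:-192.168.1.0/24}"   # nets behind the gateway

# spd_config GW CLIENT NET: print the setkey(8) SPD entries. ESP in tunnel
# mode between GW and CLIENT, with "require" on both directions so that a
# cleartext packet matching either selector is dropped rather than passed.
spd_config() {
    cat <<EOF
spdadd $3 $2/32 any -P out ipsec esp/tunnel/$1-$2/require;
spdadd $2/32 $3 any -P in ipsec esp/tunnel/$2-$1/require;
EOF
}

# psk_entry ID SECRET: one psk.txt line, identifier and secret tab-separated.
psk_entry() {
    printf '%s\t%s\n' "$1" "$2"
}

# check_spd TEXT: succeed only if every spdadd line ends in "/require;".
check_spd() {
    total=$(printf '%s\n' "$1" | grep -c '^spdadd ' || true)
    required=$(printf '%s\n' "$1" | grep -c '^spdadd .*/require;$' || true)
    [ "$total" -gt 0 ] && [ "$total" -eq "$required" ]
}

# check_psk_mode FILE: racoon rejects a pre-shared key file that group or
# others can read, so insist on the usual mode 0600.
check_psk_mode() {
    [ -f "$1" ] && [ -n "$(find "$1" -prune -perm 0600 -print)" ]
}

policy=$(spd_config "$GW_EXT" "$CLIENT" "$INTERNAL_NET")
printf '%s\n' "$policy"
check_spd "$policy" || echo "policy is missing a require level" >&2

# Load the policy only where setkey exists (a FreeBSD kernel with IPsec).
if command -v setkey >/dev/null 2>&1; then
    setkey -FP                          # flush the old policies first
    printf '%s\n' "$policy" | setkey -c
fi
```

Run it with the real addresses in the environment, e.g. `GW_EXT=203.0.113.1 CLIENT=198.51.100.7 sh spd.sh`, and append the output of `psk_entry` to psk.txt with a secret that is not the post's placeholder.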