From: "Mitch (bitblock)"
To: "Artyom V. Viklenko"
Cc: freebsd-isp@freebsd.org, freebsd-net@freebsd.org
Date: Sat, 1 May 2004 02:03:17 -0700
Subject: RE: Routing and VPN troubles...
In-Reply-To: <409351D8.8060603@mipk.kharkiv.edu>

> -----Original Message-----
> From: Artyom V. Viklenko [mailto:artem@mipk.kharkiv.edu]
> Sent: Saturday, May 01, 2004 12:29 AM
> To: Mitch (bitblock)
> Cc: freebsd-net@freebsd.org; freebsd-isp@freebsd.org
> Subject: Re: Routing and VPN troubles...
>
> Mitch (bitblock) wrote:
> > The crux of my problem, is that I need to configure a VPN network in a
> > star - one central node, many outside nodes... easy right?
>
> First of all, is it really a VPN network?
> How do you connect your ADSL links to FBSD 4?
>
> And second, if FBSD4 is the only point which handles
> ALL traffic between FBSD1-3 and their clients, you can
> use ipfw to block unwanted traffic.
> For example, if your ADSL links are connected to a VLAN-aware
> switch, and each ADSL link is paired to FBSD4 in a separate VLAN,
> you can set up different interfaces vlan0-vlanx
> for each one and use these interfaces in ipfw rules.

Thanks Artyom...

The PCs behind FBSD1-3 are on private network addresses. The ADSL infrastructure and ATM paths will only route the assigned public address to the router FBSD4.

There is no VLAN-aware switch, it's just the way that the ATM paths are configured that made it a close analogy (so I thought).

The VPN stuff might be easy if I could figure out how to make FBSD1-3 route through FBSD4 (regardless of the fact that they are all on the same subnet)... the traffic from FBSD1 needs to "bounce" off FBSD4 on its way to FBSD3 for example... either that, or maybe the gif interfaces count as distinct interfaces for routing?

m/