From: Pierrick Brossin
To: freebsd-questions@freebsd.org
Date: Tue, 6 May 2003 12:43:55 +0200
Subject: IPSec and VPN
Message-ID: <1052217835.3eb791eb3e16a@www.swissgeeks.com>

Hi!

I have set up a VPN here at work between two FreeBSD 4.8 machines. I used a cross-cable to "simulate" the internet connection.

I modified the kernel with IPSEC and IPSEC_ESP. I left gif untouched: "pseudo-device gif" with no number specified.

Then I created a VPN tunnel between 192.168.0.1 and 192.168.0.2 (external IPs simulated with cross-cable). The internal IPs are 10.41.0.10 and 10.41.1.10.

Up to that point there is no encryption, and the tunnel is working. I can ping both sides of it.

If I run "tcpdump -i gif0" on 10.41.0.10 and ping that host from 10.41.1.10, I see ICMP requests and replies.

Now I activated IPSEC in rc.conf and configured /etc/ipsec.conf. I also installed racoon, which exchanges keys without any problem (/var/log/racoon.log). And the tunnel is now encrypted and working.

Same thing as before: if I run "tcpdump -i gif0" on 10.41.0.10 and ping that host from 10.41.1.10, I can't see anything anymore!!!! I can ping that host and see replies on my screen, but on the other machine tcpdump doesn't output anything. I can also ssh to 10.41.0.10.

Normal or not?

Regards

PS: If you need config files, ask, but since the tunnel is working I thought it wasn't needed.

-- 
Pierrick Brossin
IT Employee - Quark Media House Switzerland
Mail: pbrossin_AT_swissgeeks(dot)com
Web: http://www.swissgeeks.com