Date: Mon, 4 Jul 2005 14:16:28 +0200
From: Fabian Keil <freebsd-listen@fabiankeil.de>
To: tradigan@newrevolutions.net
Cc: freebsd-questions@freebsd.org
Subject: Re: VPN Tunnel
Message-ID: <20050704141628.249fd2c7@localhost>
In-Reply-To: <200506301100.28371.tradigan@newrevolutions.net>
References: <200506301100.28371.tradigan@newrevolutions.net>

tradigan@newrevolutions.net wrote:

> I'm having some problems getting a VPN tunnel working between two sites.
> Currently I am just trying to establish a tunnel and worry about the
> encryption after the tunnel is up and functional, however I cannot even get
> the tunnel established. I have followed the directions from the FreeBSD
> handbook but had no luck. Here is my scenario:
>
> Network 1:
>
> FreeBSD Internal IP: 192.168.20.13
> FreeBSD External IP: 12.34.56.78
>
> Network 2:
>
> FreeBSD Internal IP: 192.168.15.2
> FreeBSD External IP: 87.65.43.21
>
> On the Network 1 Box, I configured the gif0 interface as follows:
>
> root@freebsd# ifconfig gif0 create
> root@freebsd# ifconfig gif0 tunnel 12.34.56.78 87.65.43.21
> root@freebsd# ifconfig gif0 inet 192.168.20.13 192.168.15.2 netmask 255.255.255.255
>
> For IPFilter, I have the following rules at the TOP of the script:
> pass in quick from 87.65.43.21 to any on xl0
> pass in quick on gif0 all
> pass out quick on gif0 all
>
> On the Network 2 Box, I configured the gif0 interface as follows:
>
> root@host# ifconfig gif0 create
> root@host# ifconfig gif0 tunnel 87.65.43.21 12.34.56.78
> root@host# ifconfig gif0 inet 192.168.15.2 192.168.20.13 netmask 255.255.255.255
>
> For IPFilter, I have the following rules at the TOP of the script:
> pass in quick from 12.34.56.78 to any on xl0
> pass in quick on gif0 all
> pass out quick on gif0 all
>
> After I have created both gif0 interfaces on each of the boxes, the FreeBSD
> handbook says I should be able to ping the private IP of the other BSD
> machine. When I ping from Network 1, I don't get any type of response and
> just 100% failed sent packets. When I ping from Network 2, I get a 'No route
> to host' message as well as 100% failed sent packets.
>
> I have been at this for 2 days now and I'm really starting to get frustrated.
> Am I missing something here? Any help would be appreciated.

Looks like the routing table in network 2 doesn't work.
netstat -rn should give you a clue what's wrong.

Fabian
-- 
http://www.fabiankeil.de/
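
Added example, not part of the original message or of FreeBSD: one way to read `netstat -rn` output for this setup is to check which interface the longest-prefix route for the peer's tunnel address (192.168.20.13, seen from Network 2) points at. The function names, the sample tables, the gateway 87.65.43.1 and the interface xl1 are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes FreeBSD `netstat -rn` text with
# IPv4 destinations written as "default", a host address, or CIDR.

# route_netif PEER: read a routing table on stdin and print the Netif of the
# longest-prefix IPv4 match for PEER, or "none" when no entry covers it.
route_netif() {
    awk -v peer="$1" '
    function ip2n(a,   p) { split(a, p, "."); return ((p[1]*256 + p[2])*256 + p[3])*256 + p[4] }
    BEGIN { want = ip2n(peer); best = -1; netif = "none"; col = 4; v4 = 1 }
    /^Internet6/ { v4 = 0 }                  # skip the IPv6 table
    /^Internet:/ { v4 = 1 }
    $1 == "Destination" {                    # locate Netif; its column varies by release
        for (i = 1; i <= NF; i++) if ($i == "Netif") col = i
        next
    }
    v4 && ($1 == "default" || $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/) {
        net = $1; len = 32
        if ($1 == "default") { net = "0.0.0.0"; len = 0 }
        else if (split($1, c, "/") == 2) { net = c[1]; len = c[2] + 0 }
        div = 2 ^ (32 - len)
        if (len > best && int(ip2n(net) / div) == int(want / div)) { best = len; netif = $col }
    }
    END { print netif }'
}

# tunnel_route_ok PEER IFACE: succeed only if PEER would leave through IFACE.
tunnel_route_ok() { [ "$(route_netif "$1")" = "$2" ]; }

# Constructed tables: gateway 87.65.43.1 and interface xl1 are made-up values.
sample_missing() { cat <<'EOF'
Internet:
Destination        Gateway            Flags    Netif Expire
default            87.65.43.1         UGS        xl0
192.168.15.0/24    link#2             U          xl1
EOF
}
sample_present() { sample_missing; echo "192.168.20.13      link#4             UH        gif0"; }

# On Network 2 the peer's inner address should resolve to gif0, not the default route.
for t in sample_missing sample_present; do
    if $t | tunnel_route_ok 192.168.20.13 gif0; then echo "$t: 192.168.20.13 via gif0"
    else echo "$t: 192.168.20.13 via $($t | route_netif 192.168.20.13), not gif0"; fi
done
```

On a live box the same check is `netstat -rn | tunnel_route_ok 192.168.20.13 gif0`.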