Date: Thu, 20 Apr 2000 22:10:56 +0800 (MYT)
From: Muhammad Najib <najib@kdu.edu.my>
To: freebsd-security@freebsd.org
Subject: VPN using IPSec
Message-ID: <200004201410.WAA25907@falcon.kdu.edu.my>
I've just installed the latest -RELEASE of FreeBSD and cvsup'd to -STABLE. I've read through the documentation and found it kinda confusing, yet I've tried to do what's in the doc and failed.

This is my intention:

- setting up a VPN connection between two organizations located in different geographical areas
- at the same time, allowing Internet connectivity throughout the world using NAT

I understand from the doc that I need to use 'tunnel mode' instead to achieve this. I followed the documentation in the handbook (http://www.freebsd.org/handbook/ipsec.html) but failed. Here are the conf files:

HOST A = 100.200.100.1 (not real IP)
HOST B = 200.100.100.1 (not real IP)
dmz network behind HOST A = 10.1.2.0/24
dmz network behind HOST B = 10.1.1.0/24

----------------------HOST A CONF STARTS-----------------------------
add 100.200.100.1 200.100.200.1 ah-old 0x10003 -m any -A keyed-md5 "this is the test" ;
add 200.100.200.1 100.200.100.1 ah-old 0x10004 -m any -A keyed-md5 "this is the test" ;
spdadd 10.1.2.0/24 10.1.1.0/24 any -P out ipsec ah/tunnel/100.200.100.1-200.100.200.1/require ;
spdadd 10.1.1.0/24 10.1.2.0/24 any -P in ipsec ah/tunnel/200.100.200.1-100.200.100.1/require ;
----------------------HOST B CONF STARTS-----------------------------
add 100.200.100.1 200.100.200.1 ah-old 0x10003 -m any -A keyed-md5 "this is the test" ;
add 200.100.200.1 100.200.100.1 ah-old 0x10004 -m any -A keyed-md5 "this is the test" ;
spdadd 10.1.1.0/24 10.1.2.0/24 any -P out ipsec ah/tunnel/200.100.200.1-100.200.100.1/require ;
spdadd 10.1.2.0/24 10.1.1.0/24 any -P in ipsec ah/tunnel/100.200.100.1-200.100.200.1/require ;
----------------------HOST B CONF ENDS-------------------------------

I hope somebody out there who has already done this VPN-style setup can point out to me if there's any flaw in this configuration.
Thanx in advance :)

regards,

*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*
MUHAMMAD NAJIB ABDUL MUKTHI        member of My-Linux.ORG
WEB PROGRAMMER                     http://www.my-linux.org
Kolej Damansara Utama, SS22/41,    najib@csi-x.net
47400 Petaling Jaya, Selangor.     najib@kaypo.net
http://www.kdu.edu.my              najib@kdu.edu.my
Tel : +603 77288123 ext.320        najib@my-linux.org
*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*
_______________________________________________
UNIX - it makes the world go round :)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
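
A consistency check over the two setkey files in the message above, as an added example that is not part of the original post: it verifies that every tunnel policy has a matching SA, that each gateway's outbound policy mirrors the peer's inbound policy, and that the tunnel endpoints are the gateway addresses the post lists. The names `parse`, `check` and `DECLARED` are hypothetical helpers introduced here; the input is copied from the post.

```python
import re

# Input copied from the post: gateway addresses as listed, and both setkey files.
DECLARED = {"A": "100.200.100.1", "B": "200.100.100.1"}
SA = '''add 100.200.100.1 200.100.200.1 ah-old 0x10003 -m any -A keyed-md5 "this is the test" ;
add 200.100.200.1 100.200.100.1 ah-old 0x10004 -m any -A keyed-md5 "this is the test" ;
'''
CONF_A = SA + '''spdadd 10.1.2.0/24 10.1.1.0/24 any -P out ipsec ah/tunnel/100.200.100.1-200.100.200.1/require ;
spdadd 10.1.1.0/24 10.1.2.0/24 any -P in ipsec ah/tunnel/200.100.200.1-100.200.100.1/require ;
'''
CONF_B = SA + '''spdadd 10.1.1.0/24 10.1.2.0/24 any -P out ipsec ah/tunnel/200.100.200.1-100.200.100.1/require ;
spdadd 10.1.2.0/24 10.1.1.0/24 any -P in ipsec ah/tunnel/100.200.100.1-200.100.200.1/require ;
'''

SA_RE = re.compile(r'^add\s+(\S+)\s+(\S+)\s+(ah|esp)(?:-old)?\s')
SP_RE = re.compile(
    r'^spdadd\s+(\S+)\s+(\S+)\s+\S+\s+-P\s+(in|out)\s+ipsec\s+'
    r'(ah|esp)/tunnel/([\d.]+)-([\d.]+)/\S+')

def parse(conf):
    # SAs as (src, dst, proto); policies as (net_src, net_dst, dir, proto, gw_src, gw_dst)
    sas, sps = set(), []
    for line in conf.splitlines():
        line = line.strip()
        if (m := SA_RE.match(line)):
            sas.add(m.groups())
        elif (m := SP_RE.match(line)):
            sps.append(m.groups())
    return sas, sps

def check(conf_a, conf_b, declared):
    # Returns a sorted list of findings; an empty list means the files agree.
    parsed = {"A": parse(conf_a), "B": parse(conf_b)}
    findings = set()
    for host, (sas, sps) in parsed.items():
        for _ns, _nd, _dir, proto, gs, gd in sps:
            if (gs, gd, proto) not in sas:
                findings.add(f"{host}: no {proto} SA for tunnel {gs}-{gd}")
            for gw in {gs, gd} - set(declared.values()):
                findings.add(f"{host}: tunnel endpoint {gw} is not a declared gateway")
    for x, y in (("A", "B"), ("B", "A")):
        out = {p[:2] + p[3:] for p in parsed[x][1] if p[2] == "out"}
        inn = {p[:2] + p[3:] for p in parsed[y][1] if p[2] == "in"}
        if out != inn:
            findings.add(f"{x} out policies do not mirror {y} in policies")
    if parsed["A"][0] != parsed["B"][0]:
        findings.add("SA sets differ between hosts")
    return sorted(findings)
```

Run on the posted files, the SAs and the mirrored policies agree with each other; the only finding is that the files use 200.100.200.1 while the address list gives HOST B as 200.100.100.1.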