Message-Id: <4.3.2.7.2.20000914012505.00c27580@pop3.venux.net>
Date: Thu, 14 Sep 2000 01:48:27 -0400
To: freebsd-net@FreeBSD.ORG
From: Matthew Hagerty
Subject: To finish this VPN configuration...?

Greetings,

If this belongs in security (or even questions) my apologies, it seemed appropriate for net...

I am trying to get a simple VPN between two gateways configured but there seems to be a lack of examples on doing this with FreeBSD. What I have so far is this:

Added to the kernel:

    options IPSEC
    options IPSEC_ESP

Set:

    sysctl -w net.inet6.ip6.forwarding=1

Checked out the example in the handbook for an IP4 tunnel config, something like this:

                   ======= AH =======
                   |                |
    Network-A   Gateway-A       Gateway-B   Network-B
    10.0.1.0/24 ---- 172.16.0.1 ----- 172.16.0.2 ---- 10.0.2.0/24

So I entered the setkey parameters like the example, replacing the 172.16.0.x addresses with the real external IP addresses of the two hosts.

# setkey -c <