From owner-freebsd-net@FreeBSD.ORG  Tue Jul 14 13:56:03 2009
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id C06F21065675
	for <freebsd-net@freebsd.org>; Tue, 14 Jul 2009 13:56:03 +0000 (UTC)
	(envelope-from john@traktor.dnepro.net)
Received: from traktor.dnepro.net (roof1.dnepro.net [212.3.111.66])
	by mx1.freebsd.org (Postfix) with ESMTP id 3AA648FC1D
	for <freebsd-net@freebsd.org>; Tue, 14 Jul 2009 13:56:02 +0000 (UTC)
	(envelope-from john@traktor.dnepro.net)
Received: from traktor.dnepro.net (localhost [127.0.0.1])
	by traktor.dnepro.net (8.14.3/8.14.3) with ESMTP id n6EDfVgA030207
	for <freebsd-net@freebsd.org>; Tue, 14 Jul 2009 16:41:31 +0300 (EEST)
	(envelope-from john@traktor.dnepro.net)
Received: (from john@localhost)
	by traktor.dnepro.net (8.14.3/8.14.3/Submit) id n6EDfV4D030206
	for freebsd-net@freebsd.org; Tue, 14 Jul 2009 16:41:31 +0300 (EEST)
	(envelope-from john)
Date: Tue, 14 Jul 2009 16:41:31 +0300
From: Eugene Perevyazko <john@dnepro.net>
To: freebsd-net@freebsd.org
Message-ID: <20090714134131.GA23925@traktor.dnepro.net>
Mail-Followup-To: freebsd-net@freebsd.org
References: <3228ef7c0907130809n29566514xb2c1f522e1da8a3f@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3228ef7c0907130809n29566514xb2c1f522e1da8a3f@mail.gmail.com>
User-Agent: Mutt/1.4.2.3i
Subject: Re: question regarding IPSEC Setup
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jul 2009 13:56:04 -0000

On Mon, Jul 13, 2009 at 11:09:11AM -0400, rascal wrote:
> So I have a couple of questions regarding a scenario that has recently been
> brought to me.  I have two sites, one with a cisco device and one with a
> server running freebsd 7.2.  The client wants to connect the two sites using
> these devices and I am told that the best way would be to establish an IPSEC
> tunnel between the cisco device and the freebsd server.  The cisco is a
> concentrator 3000 and the server is just a dell poweredge 860 with 4 nics in
> the back running 7.2 freebsd.  I guess my two questions are:
> 
> 1.  Has anyone done this before and what are their results?

I'm using several IPSec tunnels between cisco 851's and freebsd routers.
It "just works".

> 2.  Is setting up an IPSEC tunnel the best route for this or is there
> something else I should be looking at?
IPSec is the standard for tunnels over the internet. Cisco VPN requires their proprietary client; OpenVPN is not for ciscos.

> 3.  Any tips/tricks/good sites to check on for setting up IPSEC on freebsd
> (I am currently reading
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html which
> is pretty darn good)?
I use IPSec tunnels without gif interface on freebsd, don't know if it will work with it. I declare policy in /etc/ipsec.conf, and use racoon (ports/security/ipsec-tools) to do all the rest. It's pretty simple on cisco side too. Just say if you need an example.

-- 
Eugene Perevyazko
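The reply above describes the FreeBSD side only in outline (policy in /etc/ipsec.conf, racoon from ports/security/ipsec-tools, no gif interface). The script below is an added example, not Eugene's configuration or anything from the thread: it generates the setkey(8) policy file and a minimal racoon.conf for that policy-based, tunnel-mode layout. All addresses and networks are constructed placeholders; the Cisco side, algorithms and lifetimes are assumptions that must match the peer.

```sh
#!/bin/sh
# Added example: FreeBSD side of a site-to-site IPsec tunnel without a gif
# interface (policy-based, as described in the reply).  Addresses below are
# constructed placeholders, not values from the e-mail.

LOCAL_GW=203.0.113.1       # public address of the FreeBSD router (assumed)
REMOTE_GW=198.51.100.1     # public address of the Cisco peer (assumed)
LOCAL_NET=192.168.1.0/24   # LAN behind the FreeBSD router (assumed)
REMOTE_NET=192.168.2.0/24  # LAN behind the Cisco (assumed)

# Security policies for /etc/ipsec.conf in setkey(8) syntax, one per direction.
# "require" makes the policy fail closed: traffic between the two LANs is
# dropped unless an ESP SA exists, so a failed IKE negotiation never leaks
# cleartext across the internet.
gen_ipsec_conf() {
    printf 'spdadd %s %s any -P out ipsec esp/tunnel/%s-%s/require;\n' \
        "$LOCAL_NET" "$REMOTE_NET" "$LOCAL_GW" "$REMOTE_GW"
    printf 'spdadd %s %s any -P in ipsec esp/tunnel/%s-%s/require;\n' \
        "$REMOTE_NET" "$LOCAL_NET" "$REMOTE_GW" "$LOCAL_GW"
}

# Minimal racoon.conf (ipsec-tools) for an IKEv1 main-mode peer using a
# pre-shared key.  The sainfo block is restricted to the two LANs rather
# than "anonymous", so only the intended selectors can negotiate an SA.
# Algorithms and groups are assumptions and must match the Cisco proposal.
gen_racoon_conf() {
    cat <<EOF
path pre_shared_key "/usr/local/etc/racoon/psk.txt";

remote $REMOTE_GW {
        exchange_mode main;
        proposal {
                encryption_algorithm aes;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}

sainfo address $LOCAL_NET any address $REMOTE_NET any {
        pfs_group 2;
        encryption_algorithm aes;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}
EOF
}

# rc.conf knobs that load the policy at boot and start racoon.
gen_rc_conf() {
    printf 'ipsec_enable="YES"\n'
    printf 'ipsec_file="/etc/ipsec.conf"\n'
    printf 'racoon_enable="YES"\n'
}

# Usage (as root, on the FreeBSD router):
#   gen_ipsec_conf  > /etc/ipsec.conf
#   gen_racoon_conf > /usr/local/etc/racoon/racoon.conf
#   gen_rc_conf    >> /etc/rc.conf
# psk.txt holds "<peer-ip> <secret>" per line and must be mode 0600,
# owned by root; racoon refuses to load a world-readable key file.
# The kernel needs "options IPSEC" and "device crypto" (FreeBSD 7.x).
```

After loading the policy with `setkey -f /etc/ipsec.conf`, `setkey -DP` shows the two SPs and `setkey -D` shows the SAs racoon negotiated; an empty SA list with traffic being dropped is the expected fail-closed behaviour of `require`, not a routing problem.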