Date:      Tue, 9 Apr 2002 12:16:10 +0200
From:      "Dennis Pedersen" <trm@daydreamer.dk>
To:        <freebsd-net@freebsd.org>
Cc:        "Lars Eggert" <larse@ISI.EDU>
Subject:   Re: IPsec tunnel mode
Message-ID:  <00a801c1dfaf$925aa750$0301a8c0@dpws>
References:  <MPENKFCCIIDAJKJJOLBHMEAJCNAA.tariq@inty.net> <5.1.0.14.0.20020408200151.01cac1f0@mail.drwilco.net> <007501c1df3f$326d92a0$0301a8c0@dpws> <3CB20A6D.3040704@isi.edu>


----- Original Message -----
From: "Lars Eggert" <larse@ISI.EDU>
To: "Dennis Pedersen" <trm@daydreamer.dk>
Cc: <freebsd-net@freebsd.org>
Sent: Monday, April 08, 2002 11:23 PM
Subject: Re: IPsec tunnel mode


> Dennis Pedersen wrote:
> > Because on the snap-users@kame.net Lars Eggert said something about using
> > transport mode, not tunnel mode. This confused me a bit because isn't
> > transport between 2 hosts only
>
> I said a possibility would be to use IPsec transport mode OVER AN IPIP
> TUNNEL, which is not the same as using transport mode alone (which is
> restricted to host pairs). On the wire, packets generated by either
> approach look identical.

My bad, I think I got the big picture now where you are going with the IPIP
and transport mode..

> > I have also read the
> > ftp://ftp.ietf.org/internet-drafts/draft-touch-ipsec-vpn-03.txt a couple of
> > times, but I still can't seem to figure how the transport mode fits into
> > this?
>
> Forget about security for a moment. Set up a virtual topology using IPIP
> tunnels, and make sure it works. *Then* turn on transport-mode IKE over
> the IPIP tunnels to secure it.

But uhm, is there a 'simple' way of doing this? (As in just adding the IP of
the other end's gif interface as destination in my routes?)
The setup today is an exact copy of (other IPs of course)
www.freebsddiary.org/ipsec-tunnel.php
This works just fine besides the problem with my routes; according to the
draft, IPIP is the solution. My question is now: how do I set up with an IPIP
tunnel?
On http://rr.sans.org/firewall/IPSec_VPN.php there is an example; from my
point of view it looks kind of complicated. Can it be made any simpler?
If this is the way to do it, can I run multiple natd on both my external
interface and the virtual gif interface (the howto creates the gif tunnel
and diverts all traffic into this tunnel with natd on both ends) and how?
(Because I can't really see how the ipfw add divert natd can tell the
difference between the 2 sessions of natd.)

Regards,
Dennis
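
The two-step order described in the quoted reply (plain IPIP tunnel first, then transport-mode IPsec on the encapsulated packets), as an added example that is not from either poster or from the referenced howtos. The script only prints the commands and setkey(8) policy lines for each gateway. The interface name gif0, the `ifconfig gif0 tunnel` syntax and every address are assumptions, constructed for illustration.

```shell
#!/bin/sh
# Added example: prints (never executes) the configuration for one endpoint.
# Every address below is a constructed documentation value.

# Step 1: unsecured IPIP tunnel on a gif interface, a route to the far LAN,
# and a ping across the tunnel to confirm it works before adding IPsec.
# Args: outer_local outer_remote inner_local inner_remote remote_net
render_tunnel() {
    cat <<EOF
ifconfig gif0 create
ifconfig gif0 tunnel $1 $2
ifconfig gif0 inet $3 $4 netmask 255.255.255.255
route add -net $5 $4
ping -c 3 $4
EOF
}

# Step 2: setkey(8) policy lines. The selector is IP protocol 4 (ipencap)
# between the OUTER addresses, protected with ESP in transport mode, so the
# policy is a plain host-pair policy and routing stays with the gif tunnel.
# Args: outer_local outer_remote
render_policy() {
    cat <<EOF
spdadd $1 $2 ipencap -P out ipsec esp/transport//require;
spdadd $2 $1 ipencap -P in ipsec esp/transport//require;
EOF
}

# Constructed sample: gateway A = 192.0.2.1, gateway B = 198.51.100.1
echo "## gateway A, step 1"
render_tunnel 192.0.2.1 198.51.100.1 10.255.0.1 10.255.0.2 192.168.2.0/24
echo "## gateway A, step 2"
render_policy 192.0.2.1 198.51.100.1
echo "## gateway B, step 1"
render_tunnel 198.51.100.1 192.0.2.1 10.255.0.2 10.255.0.1 192.168.1.0/24
echo "## gateway B, step 2"
render_policy 198.51.100.1 192.0.2.1
```

The policy lines are meant to be loaded with setkey on each gateway only after the ping across the tunnel succeeds; the `require` level then makes the kernel ask the IKE daemon for the matching SAs.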


