Date: Thu, 08 Jul 2010 10:51:51 -0400
From: Steve Bertrand <steve@ipv6canada.com>
To: Matheus Weber da Conceição <matheuswcon@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: VPN IPsec Help
Message-ID: <4C35E607.2090902@ipv6canada.com>
In-Reply-To: <AANLkTil1YgXzpTBaQ0_X38oGhPfQWMpLMyKfRCOeY3x_@mail.gmail.com>
References: <AANLkTikffXjLu2QTENeRiQ7PhFLrC3Viiar_1BZOQAeP@mail.gmail.com> <4C35D11D.4000304@ipv6canada.com> <AANLkTil1YgXzpTBaQ0_X38oGhPfQWMpLMyKfRCOeY3x_@mail.gmail.com>

On 2010.07.08 10:00, Matheus Weber da Conceição wrote:
>> It has been a long time since I've done IPSec on FBSD, but I'm willing
>> to bet that this has to do with routing, possibly amongst other things.
>> On peer 'B' (FBSD box), what internal IP range are you trying to access
>> the A network from...the same ones (i.e. are you trying to bridge the
>> networks)?
>>
> The -peer A- doesn't need to access any -peer B- networks.
>
>> Do you have access to the Cisco gear?
> No.
>
>> If so, on FreeBSD, post the output of:
>>
>> % netstat -rn
>
> Notes:
> tun0 is my ppp pseudo-device
> tun5 is my openvpn tunnel (192.168.5.0/24)
> ============
> # netstat -rn
> Routing tables

[ big snip ]

IIRC, you don't need a gre tunnel through IPSec, as you are simply
routing between two dissimilar networks. Don't quote me on this though;
as I said earlier, it has been a very long time.

On the FreeBSD box, assuming that you *only* want to access the three
specific IPs you stated, do this:

% route add 192.168.10.24/32 200.x.x.x
% route add 192.168.201.196/32 200.x.x.x
% route add 10.115.90.236/32 200.x.x.x

On the Cisco side:

% ip route 192.168.5.0 255.255.255.0 187.x.x.x.x

If that works, on the FBSD side of things, add the following to
/etc/rc.conf to make them persistent across reboots:

static_routes="host1 host2 host3"
route_host1="192.168.10.24/32 200.x.x.x"
route_host2="192.168.201.196/32 200.x.x.x"
route_host3="10.115.90.236/32 200.x.x.x"

Steve
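
Added example, not part of Steve's message: a small sh helper that validates the addresses and prints the rc.conf block in the form shown above, so each name in static_routes has a matching route_<name> variable. The function names and the gateway 203.0.113.1 are assumptions; the gateway is a constructed placeholder for the address the message elides as 200.x.x.x.

```sh
#!/bin/sh
# Added example, not from the thread. 203.0.113.1 is a constructed stand-in
# for the gateway the message elides as 200.x.x.x.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_static_routes GATEWAY HOST...: print the rc.conf block, one
# route_hostN variable per host, each named in static_routes.
gen_static_routes() {
    [ "$#" -ge 2 ] || { echo "usage: gen_static_routes GATEWAY HOST..." >&2; return 1; }
    gw=$1; shift
    is_ipv4 "$gw" || { echo "bad gateway: $gw" >&2; return 1; }
    names=""; body=""; n=0
    for host in "$@"; do
        is_ipv4 "$host" || { echo "bad host: $host" >&2; return 1; }
        n=$((n + 1))
        names="${names:+$names }host$n"
        body="${body}route_host$n=\"$host/32 $gw\"
"
    done
    printf 'static_routes="%s"\n%s' "$names" "$body"
}

# The three hosts from the message. rc.conf is sourced as shell, so merge
# these names into any existing static_routes= line; a second assignment
# would replace the first.
gen_static_routes 203.0.113.1 192.168.10.24 192.168.201.196 10.115.90.236
```

After a reboot, `route -n get 192.168.10.24` on the FreeBSD box shows which gateway and interface the host route actually resolved to.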