Date: Mon, 20 Nov 2000 08:51:34 -0800 (PST) From: Tom Samplonius <tom@sdf.com> To: Mike Tancsa <mike@sentex.net> Cc: Evren Yurtesen <eyurtese@turkuamk.fi>, freebsd-isp@FreeBSD.ORG Subject: Re: any VPN daemon? Message-ID: <Pine.BSF.4.05.10011200849560.1138-100000@misery.sdf.com> In-Reply-To: <4.2.2.20001119221736.0173de98@marble.sentex.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 19 Nov 2000, Mike Tancsa wrote: > At 06:29 PM 11/19/2000 -0800, Tom Samplonius wrote: > > Well building IPSec tunnels on FreeBSD 4.x is rather arcane and not very > >well documented. For instance, there is nothing on how IPSec and ipfw > >interact. Which subsystem gets the packet first? ipfw or IPSec? > >Building a system with ipfw, natd and IPSec tunnels isn't an easy thing to > >do. > > I believe the person said he was using a simple LAN to LAN. I have had good > results setting up a few tunnels in the past month or so. What specifically > were you trying to find with respect to ipfw ? What evaluates a packet first? ipfw rules or setkey rules? ... > #!/bin/sh > #PPPoE config > ifconfig lo0 10.1.2.1 netmask 255.255.255.0 alias > gifconfig gif0 169.1.134.1 172.168.93.4 > ifconfig gif0 inet 10.1.2.1 10.1.1.1 netmask 255.255.255.0 > setkey -FP > setkey -F > setkey -c <<EOF > spdadd 10.1.2.0/24 10.1.1.0/24 any -P out ipsec > esp/tunnel/169.1.134.1-172.168.93.4/require; > spdadd 10.1.1.0/24 10.1.2.0/24 any -P in ipsec > esp/tunnel/172.168.93.4-169.1.134.1/require; > EOF Why are you using gif0? I understand that gif0 is not recommended for IPv4 over IPv4 tunnels. Also, since you are using ipsec tunnels setup via setkey, I don't think gif0. Tom To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.10011200849560.1138-100000>