Date: Wed, 23 Oct 2002 01:24:53 +0200
From: Palle Girgensohn
To: freebsd-security@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG
Subject: ipsec, ESP & IKE, freebsd as vpn `client' <-> openbsd, how?
Message-ID: <133830000.1035329093@palle.girgensohn.se>

Hi!

We just moved our company to a new `office hotel', and they have an openbsd firewall with a VPN setup that I should be able to use from home. A consultant set the openbsd machine up, and the guys in the new office know absolutely nothing about unix whatsoever. When asking how to use the VPN, I got instructions for setting up the windows utility `PGP Desktop Security'.

Fine, I thought, I have the info I need:

- a shared secret
- IKE is used
- ESP is used
- no AH
- the preferred order for ciphers and hashes

Here's what I want to do:

    Home, 1.2.3.4 (dhcp address)
      |
      | ipsec tunnel
      |
    OpenBSD, 5.6.7.8 w/ NAT
    192.168.1.1
      |
    --------------------------------------------- ...
      |            |            |            |
    192.168.1.2  192.168.1.3  192.168.1.4  192.168.1.5

I want to access the machines behind the FW. Pretty straightforward, huh? ;-)

Anyway, I know the OpenBSD machine uses isakmpd, so I started looking at that port, but the docs are very confusing. Also checked racoon, and I guess both should work, but all examples are for setting up both ends at once - in this case the `server' peer is already set up, and I don't know exactly how, just roughly.

Problem is, I just don't have time to learn everything about ipsec at this time, I need the connection working yesterday... :-(

Is there a crash course / FAQ that will actually help me? Or can someone just give some hints on how to set things up on the FreeBSD end, from scratch?

Thanks in advance
Palle