From: "Dennis Pedersen"
Delivered-To: freebsd-security@freebsd.org
Subject: FreeBSD 4,4 && racoon && tunnel && nat?
Date: Thu, 24 Jan 2002 22:17:49 +0100

Hi!

I need to make a VPN tunnel between 2 locations and I have no possibility of getting a 'real' IP address for each of the FreeBSD boxes, so I need to use NAT.

But how do I configure gif and setkey? Does my gifconfig include the IP address of the 'wan' NIC on my BSD box or the real IP address my router was assigned?

What about setkey, what IP do I specify there? The outside NIC's IP or the IP of the natting router?

Another thing that has been bugging me a bit is, do I have to specify anything out of the ordinary in order for one of the boxes to have 2 or more tunnels to the box?

spdadd 192.168.2.0/24 192.168.3.0/24 any -P out ipsec esp/tunnel/a.a.a.a-x.x.x.x/require;
spdadd 192.168.3.0/24 192.168.2.0/24 any -P in ipsec esp/tunnel/x.x.x.x-a.a.a.a/require;

Regards
Dennis