Date:      Thu, 30 Jun 2005 11:00:28 -0400
From:      tradigan@newrevolutions.net
To:        freebsd-questions@freebsd.org
Subject:   VPN Tunnel
Message-ID:  <200506301100.28371.tradigan@newrevolutions.net>

Hey everyone..

I'm having some problems getting a VPN tunnel working between two sites.  
Currently I am just trying to establish a tunnel and worry about the 
encryption after the tunnel is up and functional; however, I cannot even get 
the tunnel established.  I have followed the directions from the FreeBSD 
handbook but had no luck.  Here is my scenario:

Network 1:

FreeBSD Internal IP: 192.168.20.13
FreeBSD External IP: 12.34.56.78

Network 2:

FreeBSD Internal IP: 192.168.15.2
FreeBSD External IP: 87.65.43.21

On the Network 1 Box, I configured the gif0 interface as follows:

root@freebsd# ifconfig gif0 create
root@freebsd# ifconfig gif0 tunnel 12.34.56.78 87.65.43.21
root@freebsd# ifconfig gif0 inet 192.168.20.13 192.168.15.2 netmask 255.255.255.255

For IPFilter, I have the following rules at the TOP of the script:
pass in quick from 87.65.43.21 to any on xl0
pass in quick on gif0 all
pass out quick on gif0 all

On the Network 2 Box, I configured the gif0 interface as follows:

root@host# ifconfig gif0 create
root@host# ifconfig gif0 tunnel 87.65.43.21 12.34.56.78
root@host# ifconfig gif0 inet 192.168.15.2 192.168.20.13 netmask 255.255.255.255

For IPFilter, I have the following rules at the TOP of the script:
pass in quick from 12.34.56.78 to any on xl0
pass in quick on gif0 all
pass out quick on gif0 all

After I have created both gif0 interfaces on each of the boxes, the FreeBSD 
handbook says I should be able to ping the private IP of the other BSD 
machine.  When I ping from Network 1, I don't get any type of response and 
just 100% failed sent packets.  When I ping from Network 2, I get a 'No route 
to host' message as well as 100% failed sent packets.

I have been at this for 2 days now and I'm really starting to get frustrated.  
Am I missing something here?  Any help would be appreciated.

--Tim


