From owner-freebsd-questions Mon Mar 20 0:31:27 2000 Delivered-To: freebsd-questions@freebsd.org Received: from omnix.net (omnix.net [195.154.168.66]) by hub.freebsd.org (Postfix) with SMTP id A82AB37B56F for ; Mon, 20 Mar 2000 00:31:23 -0800 (PST) (envelope-from didier@omnix.net) Received: (qmail 17537 invoked by uid 200); 20 Mar 2000 08:31:22 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 20 Mar 2000 08:31:22 -0000 Date: Mon, 20 Mar 2000 08:31:22 +0000 (GMT) From: Didier Derny To: Mike Tancsa Cc: questions@freebsd.org Subject: Re: ipsec, gif tunneling etc... In-Reply-To: <3.0.5.32.20000317164753.00bcda60@marble.sentex.ca> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG it's possible to use gifconfig to build a tunnel between two machine but it's not recommended with ipv4 if I can remember what I've done machine A is on the real network address 192.168.0.1 machine A has the private address 10.0.0.1 machine B is on the real network address 192.168.1.1 machine B has the private address 10.0.0.2 after the tunnel is established A(10.0.0.1) <--- talks to ---> B(10.0.0.1) to link two machine on internet. Machine A gifconfig gif0 192.168.0.1 192.168.1.1 ifconfig gif0 inet 10.0.0.1 10.0.0.2 netmask 255.255.255.255 Machine B gifconfig gif0 192.168.1.1 192.168.0.1 ifconfig gif0 inet 10.0.0.2 10.0.0.1 netmask 255.255.255.255 if you do a traceroute from A to B with the real address (192.168.1.1) you will see all the hops on the way from A to B if you do a traceroute from A to B with the internal address (10.0.0.2) you can't see all the hops on the way from A to B beware that alls this is quite confusing. Test it thorougly before using it on real servers. -- Didier Derny didier@omnix.net On Fri, 17 Mar 2000, Mike Tancsa wrote: > > Apart from the KAME page, and the ipsec man page, and the > /usr/share/examples/IPv6 docs, does anyone have any other handy dandy > documentation ? > > I am trying to setup an IPv4 ipsec tunnel between two hosts and am not > having much luck :-( > > On machine A, I have lets say 172.1.1.1 and on machine B 10.10.10.1, > assigned to the ethernet adaptors on the respective machines. Its not > clear to me when its stated > > Use "gifconfig" to assign physical (outer) source and destination address > to gif interfaces." > > Any pointers (additional references) would be much appricated. > > ---Mike > ------------------------------------------------------------------------ > Mike Tancsa, tel +1 519 651 3400 > Network Administrator, mike@sentex.net > Sentex Communications www.sentex.net > Cambridge, Ontario Canada > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message