Date: Mon, 4 Dec 2000 13:08:20 -0800 (PST)
From: Philip Hallstrom <philip@adhesivemedia.com>
To: Per Tore Larsen <per.tore.larsen@fernonorden.com>
Cc: "'freebsd-questions@freebsd.org'" <freebsd-questions@FreeBSD.ORG>
Subject: Re: Vtund documentation
Message-ID: <Pine.BSF.4.21.0012041300260.94975-100000@oddjob.adhesivemedia.com>
In-Reply-To: <25879E6A7E74D411B9370050043B7F3E09F7C4@fernonorden.com>
(for the archive searches: vtun tunnel encrypt secure)
I've been meaning to post what I did, but never get around to it... this
is as good a time as any I guess :)
This is my network:
             ___________                                           ___________
            |           |                                         |           |
  10.0.0.1- |    gw1    | -111.111.111.111 <---> 222.222.222.222- |    gw2    | -10.1.0.1
   (LAN)    |           |   (Internet)         (Internet)         |           |   (LAN)
            |___________|                                         |___________|
                  |                                                     |
              10.2.0.1 <---------------- encrypted ----------------> 10.2.0.2
              (tunnel)                                               (tunnel)
On gw1, vtund.conf looks like this and is started as "vtund -s":
-----------------------------------------------------------------------------
options {
    port 5555;
    persist yes;
    timeout 60;
    ppp /usr/sbin/pppd;
    ifconfig /sbin/ifconfig;
    route /sbin/route;
    firewall /sbin/ipfw;
}

# session name; the client must use the same name ("vtund gw2 ...")
gw2 {
    passwd somesecretpassphrase;
    type tun;
    device tun0;
    proto udp;
    compress no;
    speed 0;
    encrypt yes;
    keep-alive yes;
    up {
        # %% is replaced by the tunnel interface name (tun0)
        ifconfig "%% 10.2.0.1 10.2.0.2 netmask 255.255.255.0";
        route "add -net 10.1.0.0 -netmask 255.255.255.0 10.2.0.2";
    };
    down {
        route "delete -net 10.1.0.0";
        ifconfig "%% down";
    };
}
-----------------------------------------------------------------------------
On gw2, vtund.conf looks like this and is started as "vtund gw2 111.111.111.111":
-----------------------------------------------------------------------------
options {
    port 5555;
    persist yes;
    timeout 60;
    ppp /usr/sbin/pppd;
    ifconfig /sbin/ifconfig;
    route /sbin/route;
    firewall /sbin/ipfw;
}

# same session name and passwd as on gw1; local/remote tunnel addresses swapped
gw2 {
    passwd somesecretpassphrase;
    type tun;
    device tun0;
    proto udp;
    compress no;
    speed 0;
    encrypt yes;
    keep-alive yes;
    up {
        # %% is replaced by the tunnel interface name (tun0)
        ifconfig "%% 10.2.0.2 10.2.0.1 netmask 255.255.255.0";
        route "add -net 10.0.0.0 -netmask 255.255.255.0 10.2.0.1";
    };
    down {
        route "delete -net 10.0.0.0";
        ifconfig "%% down";
    };
}
-----------------------------------------------------------------------------
The only other thing to do is open up your firewall to let those packets
in... something like this:
add 4000 pass tcp from any to 111.111.111.111 5555 #gw1 only
add 4000 pass udp from any to 111.111.111.111 5555 #gw1 only
add 4000 pass ip from any to any via tun0
That should do it.
-philip
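An added consistency check for the two vtund.conf files above (example code, not from the post or from the vtun project): it parses the server and client configs and reports any session setting, port or tunnel address that does not agree between the two ends. The sample configs are constructed from the post and trimmed to the fields compared; how vtund itself behaves when the ends disagree is not covered by the post and is not assumed here.

```python
import re

# Constructed samples: the gw1 (server) and gw2 (client) sides of the post's "gw2" session,
# trimmed to the fields the check compares.
GW1_SERVER = """options { port 5555; }
gw2 { passwd somesecretpassphrase; type tun; proto udp; compress no; encrypt yes;
      up { ifconfig "%% 10.2.0.1 10.2.0.2 netmask 255.255.255.0"; }; }"""
GW2_CLIENT = """options { port 5555; }
gw2 { passwd somesecretpassphrase; type tun; proto udp; compress no; encrypt yes;
      up { ifconfig "%% 10.2.0.2 10.2.0.1 netmask 255.255.255.0"; }; }"""

def parse_vtund_conf(text):
    """Parse 'key value;' statements, '#' comments and nested 'name { ... }' blocks into dicts."""
    tokens = re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', re.sub(r"#.*", "", text))
    root = cur = {}
    stack, stmt = [], []
    for tok in tokens:
        if tok == "{":                    # block named by the token just before it
            stack.append(cur)
            cur[stmt.pop()] = new = {}
            cur, stmt = new, []
        elif tok == "}":
            cur, stmt = stack.pop(), []
        elif tok == ";":
            if stmt:                      # 'key v1 v2;' -> {key: "v1 v2"}, quotes stripped
                cur[stmt[0]] = " ".join(t.strip('"') for t in stmt[1:])
            stmt = []
        else:
            stmt.append(tok)
    return root

def check_session(server_text, client_text, name):
    """Return the list of disagreements between the two ends of vtund session `name`."""
    srv, cli = parse_vtund_conf(server_text), parse_vtund_conf(client_text)
    s, c = srv.get(name), cli.get(name)
    if s is None or c is None:
        return [f"session {name!r} is missing on one side"]
    problems = []
    if srv["options"].get("port") != cli["options"].get("port"):
        problems.append("options.port differs")
    for key in ("passwd", "type", "proto", "compress", "encrypt"):
        if s.get(key) != c.get(key):
            problems.append(f"{key} differs: server={s.get(key)!r} client={c.get(key)!r}")
    # up { ifconfig "%% local remote ..." }: each side's local must be the other's remote
    s_addrs = s["up"]["ifconfig"].split()[1:3]
    if s_addrs != c["up"]["ifconfig"].split()[1:3][::-1]:
        problems.append("tunnel addresses are not mirror images")
    return problems
```

Running check_session(GW1_SERVER, GW2_CLIENT, "gw2") on the post's configs returns an empty list; flipping encrypt to no on one side, or changing the port, produces a named problem.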
On Mon, 4 Dec 2000, Per Tore Larsen wrote:
> Hi.
>
> Does anybody have any www site with documentation on the vtund port
> in the ports collection?
>
> Have searched www.freebsd.org and www.freebsddiary.org without any
> luck.
>
> Anybody?
>
> PeTe
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>
