Date: Mon, 4 Dec 2000 13:08:20 -0800 (PST)
From: Philip Hallstrom <philip@adhesivemedia.com>
To: Per Tore Larsen <per.tore.larsen@fernonorden.com>
Cc: "'freebsd-questions@freebsd.org'" <freebsd-questions@FreeBSD.ORG>
Subject: Re: Vtund documentation
Message-ID: <Pine.BSF.4.21.0012041300260.94975-100000@oddjob.adhesivemedia.com>
In-Reply-To: <25879E6A7E74D411B9370050043B7F3E09F7C4@fernonorden.com>

(for the archive searches: vtun tunnel encrypt secure)

I've been meaning to post what I did, but never get around to it... this
is as good a time as any I guess :)

This is my network:

         ___________                                       ___________
         |         |                                       |         |
10.0.0.1-    gw1    -111.111.111.111 <---> 222.222.222.222-    gw2    -10.1.0.1
 (LAN)   |         | (Internet)                 (Internet) |         | (LAN)
         |_________|                                       |_________|
              |                                                |
           10.2.0.1 <------------ encrypted -------------> 10.2.0.2
           (tunnel)                                        (tunnel)

On gw1, vtund.conf looks like this and is started as "vtund -s":

-----------------------------------------------------------------------------
options {
  port 5555;
  persist yes;
  timeout 60;
  ppp /usr/sbin/pppd;
  ifconfig /sbin/ifconfig;
  route /sbin/route;
  firewall /sbin/ipfw;
}

gw2 {
  passwd somesecretpassphrase;
  type tun;
  device tun0;
  proto udp;
  compress no;
  speed 0;
  encrypt yes;
  keep-alive yes;
  up {
    ifconfig "%% 10.2.0.1 10.2.0.2 netmask 255.255.255.0";
    route "add -net 10.1.0.0 -netmask 255.255.255.0 10.2.0.2";
  };
  down {
    route "delete -net 10.1.0.0";
    ifconfig "%% down";
  };
}
-----------------------------------------------------------------------------

On gw2, vtund.conf looks like this and is started as
"vtund gw2 111.111.111.111":

-----------------------------------------------------------------------------
options {
  port 5555;
  persist yes;
  timeout 60;
  ppp /usr/sbin/pppd;
  ifconfig /sbin/ifconfig;
  route /sbin/route;
  firewall /sbin/ipfw;
}

gw2 {
  passwd somesecretpassphrase;
  type tun;
  device tun0;
  proto udp;
  compress no;
  speed 0;
  encrypt yes;
  keep-alive yes;
  up {
    ifconfig "%% 10.2.0.2 10.2.0.1 netmask 255.255.255.0";
    route "add -net 10.0.0.0 -netmask 255.255.255.0 10.2.0.1";
  };
  down {
    route "delete -net 10.0.0.0";
    ifconfig "%% down";
  };
}
-----------------------------------------------------------------------------

The only other thing to do is open up your firewall to let those packets
in... something like this:

add 4000 pass tcp from any to 111.111.111.111 5555   #gw1 only
add 4000 pass udp from any to 111.111.111.111 5555   #gw1 only
add 4000 pass ip from any to any via tun0

That should do it.

-philip

On Mon, 4 Dec 2000, Per Tore Larsen wrote:

> Hi.
>
> Does anybody have any www site with documentation on the vtund port
> in the ports collections.
>
> Have searched www.freebsd.org and www.freebsddiary.org without any
> luck.
>
> Anybody?
>
> PeTe
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
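
Added example (not part of the message above and not vtun project code): a Python check that the two vtund.conf files agree where the setup above needs them to, with the same passwd, mirrored tunnel addresses, each route pointing at the tunnel peer, and encrypt set to yes. The function names, the regex parsing of only the fields shown, and the one-session-per-file assumption are this example's own.

```python
import re

# Constructed input: the session blocks from the message above, reduced to the
# fields this check reads (assumption: one session per file).
GW1_CONF = '''gw2 {
  passwd somesecretpassphrase; type tun; proto udp; encrypt yes;
  up {
    ifconfig "%% 10.2.0.1 10.2.0.2 netmask 255.255.255.0";
    route "add -net 10.1.0.0 -netmask 255.255.255.0 10.2.0.2";
  };
}'''
GW2_CONF = '''gw2 {
  passwd somesecretpassphrase; type tun; proto udp; encrypt yes;
  up {
    ifconfig "%% 10.2.0.2 10.2.0.1 netmask 255.255.255.0";
    route "add -net 10.0.0.0 -netmask 255.255.255.0 10.2.0.1";
  };
}'''

def parse(conf):
    """Extract passwd, encrypt, tunnel addresses and route gateway (hypothetical helper)."""
    out = dict(re.findall(r'\b(passwd|encrypt)\s+(\S+?);', conf))
    ifc = re.search(r'ifconfig\s+"%%\s+(\S+)\s+(\S+)', conf)  # first match is the up block
    rt = re.search(r'route\s+"add\s+-net\s+\S+\s+-netmask\s+\S+\s+([^\s"]+)"', conf)
    out["local"], out["peer"] = ifc.groups() if ifc else (None, None)
    out["route_gw"] = rt.group(1) if rt else None
    return out

def check_pair(server_conf, client_conf):
    """Return the mismatches between the two ends; an empty list means consistent."""
    a, b = parse(server_conf), parse(client_conf)
    problems = []
    if a.get("passwd") != b.get("passwd"):
        problems.append("passwd differs between the two ends")  # never print the secret
    if (a["local"], a["peer"]) != (b["peer"], b["local"]):
        problems.append("tunnel addresses are not mirrored")
    for side, c in (("server", a), ("client", b)):
        if c.get("encrypt") != "yes":
            problems.append(f"{side}: encrypt is not 'yes'")
        if c["route_gw"] is None or c["route_gw"] != c["peer"]:
            problems.append(f"{side}: route does not point at the tunnel peer")
    return problems

if __name__ == "__main__":
    print(check_pair(GW1_CONF, GW2_CONF) or "configs are consistent")
```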