From: Thomas Gielfeldt
Subject: Connecting two LANs via VPN
To: freebsd-net@freebsd.org
Date: Sat, 26 Oct 2002 20:22:15 +0200

Hi

I'm trying to set up a VPN connection between two FreeBSD gateways.
What I want to do is to set up a connection between the two gateways,
so that all the hosts on the two networks are connected to each other,
as if they physically were on one network.

Below is a schematic of my network setup.

                                 +--------------+
                                 | Cisco Router | ---------------
                                 +--------------+ <172.16.0.1/16>
                                        |
                                        |
                                        |
                                 +--------------+
                                 |    Switch    |
                                 +--------------+
                                   /          \
                                /                \
                             /                      \
                          /                            \
  <172.16.1.1/16> +-----------+                    +-----------+ <172.16.2.1/16>
----------------- | Gateway A |                    | Gateway B | -----------------
    <10.0.1.1/24> +-----------+                    +-----------+ <10.0.2.1/24>
                        |                                |
                        |                                |
                        |                                |
        +------------------------------+  +------------------------------+
        |          Network A           |  |          Network B           |
        |                              |  |                              |
        |                              |  |                              |
        |                              |  |                              |
        |  +---------+    +---------+  |  |  +---------+    +---------+  |
        |  | Host A1 |    | Host A2 |  |  |  | Host B1 |    | Host B2 |  |
        |  +---------+    +---------+  |  |  +---------+    +---------+  |
        | <10.0.1.2/24>  <10.0.1.3/24> |  | <10.0.2.2/24>  <10.0.2.3/24> |
        +------------------------------+  +------------------------------+

I have tried it using:

    VTun 2.5
    ppp
    PopTop
    mpd
    IPSec
    OpenVPN

I have gotten them all to work, and all hosts can see each other.
There's only one thing which doesn't work... Broadcast packets...

The setup is intended for gaming, and most games search for servers by
sending out broadcast packets to address 255.255.255.255.

My goal is to make a packet from e.g. 10.0.1.2 destined for
255.255.255.255, forwarded to the 10.0.2.0 net.

I think I've tried just about any approach I can think of, so now I
need some help. I can see the packets destined for 255.255.255.255
coming in on the gateway through the tun-device, but they don't seem
to get any further than that.

Each gateway is more or less configured similarly, running IPFilter
(with ipnat).

If anyone has any ideas or examples on how to do this please don't
hesitate to share them with me. If you need to see some of my config
files just say so and I'll post the ones you want to see. (I didn't
want to post every config file I've tried for this setup 'cause then
this posting would really have gotten bloated).

The IPs and netmasks given to the networks aren't essential in any
way, so if they have to be changed, that's fine.

BTW. IPSec only works for me sometimes?
But I've dropped the IPSec solution, since I could understand that it
wasn't possible to tunnel IPX packets through IPSec. IPX over this VPN
connection is of course my next plan, once I've gotten this to work.

Thanks in advance.

Best Regards
Thomas Gielfeldt