Date:      Sat, 26 Oct 2002 11:50:17 -0700 (PDT)
From:      Julian Elischer <julian@elischer.org>
To:        Thomas Gielfeldt <thomas@gielfeldt.dk>
Cc:        freebsd-net@freebsd.org
Subject:   Re: Connecting two LANs via VPN
Message-ID:  <Pine.BSF.4.21.0210261141590.13443-100000@InterJet.elischer.org>
In-Reply-To: <MWMail.hbhkhbae@host.none>

gosh there are almost too many ways to do this..
I use mpd, connected by a UDP tunnel over IPSEC

I use mpd for its multilink capability, and have multiple UDP
tunnels, connected via different ISPs, so if one goes down
it only degrades my link rather than cutting it..

On Sat, 26 Oct 2002, Thomas Gielfeldt wrote:

> Hi
> 
> I'm trying to set up a VPN connection between two freebsd gateways. 
> What I want to do is to setup a connection between the two gateways, so that all the hosts on the 
> two networks are connected to each other, as if they physically were on one network.
> 
> Below is a schematic of my network setup.
> 
> 
>                               +--------------+     <public ip>
>                               | Cisco Router |   ---------------
>                               +--------------+   <172.16.0.1/16>
>                                      |
>                                      |
>                                      |
>                               +--------------+
>                               |    Switch    |
>                               +--------------+
>                              /                \
>                             /                  \
>                            /                    \
>                           /                      \
>   <172.16.1.1/16>  +-----------+            +-----------+  <172.16.2.1/16>
>  ----------------- | Gateway A |            | Gateway B | -----------------
>    <10.0.1.1/24>   +-----------+            +-----------+   <10.0.2.1/24>
>                          |                        |
>                          |                        |
>                          |                        |
>     +------------------------------+    +------------------------------+
>     |          Network A           |    |          Network B           |
>     |                              |    |                              |
>     |                              |    |                              |
>     |                              |    |                              |
>     |  +---------+    +---------+  |    |  +---------+    +---------+  |
>     |  | Host A1 |    | Host A2 |  |    |  | Host B1 |    | Host B2 |  |
>     |  +---------+    +---------+  |    |  +---------+    +---------+  |
>     | <10.0.1.2/24>  <10.0.1.3/24> |    | <10.0.2.2/24>  <10.0.2.3/24> |
>     +------------------------------+    +------------------------------+
>    
>    
> I have tried it using:
> 	VTun 2.5
> 	ppp
> 	PopTop
> 	mpd
> 	IPSec
> 	OpenVPN
> 
> I have gotten them all to work, and all hosts can see each other.
> There's only one thing which doesn't work... Broadcast packets...

Broadcast packets can't be used between two networks.
you need to be bridging, not routing..


> The setup is intended for gaming, and most games search for servers
> by sending out broadcast packets to address 255.255.255.255. My goal
> is to make a packet from e.g. 10.0.1.2 destined for 255.255.255.255,
> forwarded to the 10.0.2.0 net. I think I've tried just about any
> approach I can think of, so now I need some help.

you can use ipfw and a divert socket to capture such packets and forward
them. you will need to write your own daemon to forward them to the
other net.


> 
> I can see the packets destined for 255.255.255.255 coming in on the
> gateway through the tun- device, but they don't seem to get any
> further than that.
> 
> Each gateway is more or less configured similarly, running IPFilter
> (with ipnat).


> 
> If anyone has any ideas or examples on how to do this please don't
> hesitate to share them with me. If you need to see some of my config
> files just say so and I'll post the ones you want to see. (I didn't
> want to post every config file I've tried for this setup 'cause then
> this posting would really have gotten bloated). The IP's and
> netmasks given to the networks aren't essential in any way, so if
> they have to be changed, that's fine.
> 
> BTW. IPSec only works for me sometimes? But I've dropped the IPSec
> solution, since I could understand that it wasn't possible to tunnel
> IPX packets through IPSec. IPX over this VPN connection is of course
> my next plan, once I've gotten this to work.

then you need an encapsulation protocol that handles multiple
protocols.. maybe ppp protocol.

> 
> Thanks in advance.
> 
> Best Regards
> Thomas Gielfeldt

BTW try to keep line lengths below about 75 chars..
this was reformatted by my mailer so I could read it...

> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
> 
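
The ipfw/divert forwarding daemon suggested in the reply above, as an added example that is not code from the thread or from FreeBSD: it retargets limited-broadcast UDP packets at the far LAN's broadcast address and reinjects them, with a one-port allow-list and a TTL check so it cannot relay arbitrary broadcasts or loop between gateways. The divert port 8670, UDP port 27015, the ipfw rule in the comment and the target 10.0.2.255 are assumptions; how the far gateway delivers the packet is outside the example.

```c
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* RFC 1071 Internet checksum over len bytes, seeded with partial sum `sum`. */
static uint16_t inet_csum(const uint8_t *p, size_t len, uint32_t sum) {
    for (; len > 1; p += 2, len -= 2) sum += (uint32_t)(p[0] << 8 | p[1]);
    if (len) sum += (uint32_t)p[0] << 8;
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}
/* Retarget a UDP datagram addressed to 255.255.255.255 at dst (network order).
 * Returns 1 if the packet was rewritten in place, 0 if it was left untouched. */
int retarget_broadcast(uint8_t *pkt, size_t len, const uint8_t dst[4], uint16_t port) {
    static const uint8_t bcast[4] = {255, 255, 255, 255};
    size_t ihl = len >= 20 ? (size_t)(pkt[0] & 0x0f) * 4 : 0;
    if (ihl < 20 || (pkt[0] >> 4) != 4 || pkt[9] != IPPROTO_UDP || len < ihl + 8) return 0;
    if (memcmp(pkt + 16, bcast, 4) || (pkt[6] & 0x3f) || pkt[7]) return 0; /* no fragments */
    uint8_t *udp = pkt + ihl;
    size_t ulen = (size_t)(udp[4] << 8 | udp[5]);
    if ((udp[2] << 8 | udp[3]) != port || pkt[8] <= 1) return 0; /* allow-list, TTL guard */
    if (ulen < 8 || ihl + ulen > len) return 0;                  /* bogus UDP length */
    pkt[8]--;                                  /* spend a hop so a relay loop dies out */
    memcpy(pkt + 16, dst, 4);
    pkt[10] = pkt[11] = 0;
    uint16_t c = inet_csum(pkt, ihl, 0);
    pkt[10] = (uint8_t)(c >> 8); pkt[11] = (uint8_t)c;
    if (udp[6] | udp[7]) {                     /* UDP checksum in use: redo it */
        uint32_t ps = (uint32_t)IPPROTO_UDP + (uint32_t)ulen;   /* pseudo-header sum */
        for (int i = 12; i < 20; i += 2) ps += (uint32_t)(pkt[i] << 8 | pkt[i + 1]);
        udp[6] = udp[7] = 0;
        c = inet_csum(udp, ulen, ps); if (!c) c = 0xffff;
        udp[6] = (uint8_t)(c >> 8); udp[7] = (uint8_t)c;
    }
    return 1;
}
#ifdef IPPROTO_DIVERT /* assumed rule: ipfw add divert 8670 udp from any to 255.255.255.255 in */
int main(void) {
    static const uint8_t far_bcast[4] = {10, 0, 2, 255};  /* assumed target on Network B */
    struct sockaddr_in sa = {0}, from; uint8_t buf[65535];
    int s = socket(PF_INET, SOCK_RAW, IPPROTO_DIVERT);
    sa.sin_family = AF_INET; sa.sin_port = htons(8670);
    if (s < 0 || bind(s, (struct sockaddr *)&sa, sizeof sa) < 0) return 1;
    for (;;) {
        socklen_t fl = sizeof from;
        ssize_t n = recvfrom(s, buf, sizeof buf, 0, (struct sockaddr *)&from, &fl);
        if (n <= 0) continue;
        if (retarget_broadcast(buf, (size_t)n, far_bcast, 27015))
            from.sin_addr.s_addr = INADDR_ANY; /* reinject as outgoing so it gets routed */
        sendto(s, buf, (size_t)n, 0, (struct sockaddr *)&from, fl); /* others pass unchanged */
    }
}
#endif
```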