From: Tiago Cruz
To: "freebsd-net@FreeBSD.org"
Cc: irado@hotpop.com
Date: Wed, 01 Feb 2006 10:34:22 -0200
Subject: Re: IPSEC documentation

Hello to all, good morning.

I wrote a little article about VPNs in FreeBSD, called "VPN Solutions integrating Linux, FreeBSD and Windows":
http://www.linuxrapido.org/modules.php?name=Sections&op=viewarticle&artid=95

Well, I didn't see the start of this thread, but I have some things to add to this handbook documentation:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html

First of all, many thanks for this documentation, because it is very good.

1-) "Note: In FreeBSD 5.X, the functionality provided by the gifconfig(8) utility has been merged into ifconfig(8)."

But we don't have any example of how to do this. A little example will help many people, like this:

FreeBSD 4.x:
    gifconfig gif0 A.B.C.D W.X.Y.Z
    ifconfig gif0 inet 192.168.1.1 192.168.2.1 netmask 0xffffffff

FreeBSD 5.x and above:
    ifconfig gif0 create
    ifconfig gif0 tunnel A.B.C.D W.X.Y.Z
    ifconfig gif0 inet 192.168.1.1 192.168.2.1 netmask 255.255.252.0

2-) How can I tell that racoon is working? Please, could you talk about the "setkey -a -D" command, before and after a ping between hosts.

3-) A little script to help us:

We wrote a small stupid-simple script to put in /usr/local/etc/rc.d:

============================================
#!/bin/sh
# Script to start the VPN Oct/2005
# Irado furious with all (irado at globecom.net)
# Tiago Cruz (tiagocruz at linuxrapido.org)

# Public addresses of the two tunnel endpoints
ip_OF_THERE="200.000.000.001"
ip_HERE="200.000.000.002"
# Inner (private) addresses on the gif interface
gateway_OF_THERE="192.168.0.1"
gateway_HERE="192.168.2.1"
# Private networks on each side
net_OF_THERE="192.168.0.0"
net_HERE="192.168.2.0"
mask="255.255.255.0"

case ${1} in
start)
    echo "Inicializando VPN..."
    # Create the gif tunnel and route the remote network through it
    /sbin/ifconfig gif0 create
    /sbin/ifconfig gif0 tunnel ${ip_HERE} ${ip_OF_THERE}
    /sbin/ifconfig gif0 inet ${gateway_HERE} ${gateway_OF_THERE} netmask ${mask}
    /sbin/route add -net ${net_OF_THERE} -netmask ${mask} ${gateway_OF_THERE}
    # Load the IPsec policies, start the IKE daemon, reload the pf rules
    /usr/sbin/setkey -f /etc/ipsec.conf
    /usr/local/sbin/racoon
    pfctl -f /etc/pf.conf
    ;;
stop)
    echo "Finishing VPN..."
    /sbin/ifconfig gif0 destroy
    /sbin/route delete -net ${net_OF_THERE} -netmask ${mask} ${gateway_OF_THERE}
    killall racoon
    ;;
*)
    echo "Use 'vpn start' ou 'vpn stop'!"
    ;;
esac

exit 0
============================================

Hope this helps somehow

-- 
Tiago Cruz
http://linuxrapido.org
Linux User #282636

"The box said: Requires MS Windows or better, so I installed Linux"
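
An added example, not part of the original message: a small sh helper for point 2 that reads `setkey -D` output and reports whether a mature ESP tunnel SA exists in each direction between the two endpoints. The sample dumps are constructed, follow the usual `setkey -D` layout with key and lifetime lines omitted, and reuse the script's placeholder addresses; `check_sas` is a hypothetical name.

```shell
#!/bin/sh
# Added example (not from the original post): read `setkey -D` output and
# report whether a mature ESP tunnel SA exists in each direction.

# check_sas LOCAL REMOTE   (SAD dump on stdin)
# Prints "out=<n> in=<n>"; returns 0 only if both counts are non-zero.
check_sas() {
    awk -v l="$1" -v r="$2" '
        # An SAD entry starts with "<src> <dst>" in column 1.
        /^[^ \t]/ { src = $1; dst = $2; esp = 0; next }
        # Indented lines describe the current entry.
        /^[ \t]+esp / && /mode=tunnel/ { esp = 1; next }
        esp && /state=mature/ {
            if (src == l && dst == r) out++
            if (src == r && dst == l) inb++
            esp = 0
        }
        END {
            printf "out=%d in=%d\n", out, inb
            exit !(out > 0 && inb > 0)
        }'
}

# Constructed sample: dump taken before any traffic crossed the tunnel.
sample_before() { echo "No SAD entries."; }

# Constructed sample: dump after a ping between the hosts. Addresses follow
# the script placeholders; key and lifetime lines are omitted.
sample_after() {
    cat <<'EOF'
200.0.0.2 200.0.0.1
    esp mode=tunnel spi=1000(0x000003e8) reqid=0(0x00000000)
    seq=0x00000004 replay=4 flags=0x00000000 state=mature
200.0.0.1 200.0.0.2
    esp mode=tunnel spi=2000(0x000007d0) reqid=0(0x00000000)
    seq=0x00000004 replay=4 flags=0x00000000 state=mature
EOF
}

# On a live gateway: setkey -D | check_sas <local-ip> <remote-ip>
sample_before | check_sas 200.0.0.2 200.0.0.1 || echo "no tunnel SAs yet"
sample_after | check_sas 200.0.0.2 200.0.0.1 && echo "tunnel SAs established"
```

An SA in only one direction makes the check fail, which is the usual sign that racoon finished negotiation on one side only or that the policies in /etc/ipsec.conf do not mirror each other.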