From owner-freebsd-questions Mon Dec 10 2:29:51 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from mix.premierbank.dp.ua (premierbank.atlantis.dp.ua [193.108.46.78]) by hub.freebsd.org (Postfix) with SMTP id 43B9437B41B for ; Mon, 10 Dec 2001 02:29:17 -0800 (PST)
Received: (qmail 6697 invoked by uid 85); 10 Dec 2001 10:28:44 -0000
Received: from kot@premierbank.dp.ua by mix.premierbank.dp.ua with qmail-scanner-1.01 (. Clean. Processed in 0.363278 secs); 10 Dec 2001 10:28:44 -0000
Received: from kot.premierbank.dp.ua (HELO kot) (192.168.2.136) by mix.premierbank.dp.ua with SMTP; 10 Dec 2001 10:28:43 -0000
Message-ID: <002c01c18165$71512d70$8802a8c0@premierbank.dp.ua>
From: "Konstantin Reznichenko"
To:
Cc: ,
Subject: IPsec & dummynet - HELP!
Date: Mon, 10 Dec 2001 12:28:43 +0200
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
Disposition-Notification-To: "Konstantin Reznichenko"
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

Hello, all.

I no longer know where to dig! There is an IPsec tunnel over dial-up, and file exchange over it is organized with the help of UUCP.
IPSEC.CONF:

#!/bin/sh
flush;
spdflush;
add 10.0.0.51 10.0.0.50 esp 0x10051 -m tunnel -E 3des-cbc "123456789012345678901234" -A hmac-sha1 "12345678901234567890";
add 10.0.0.50 10.0.0.51 esp 0x10050 -m tunnel -E 3des-cbc "123456789012345678901234" -A hmac-sha1 "12345678901234567890";
spdadd 192.168.2.0/24 192.168.3.0/24 any -P out ipsec esp/tunnel/10.0.0.50-10.0.0.51/require;
spdadd 192.168.3.0/24 192.168.2.0/24 any -P in ipsec esp/tunnel/10.0.0.51-10.0.0.50/require;

RC.CONF:

gif_interfaces="gif0"
gifconfig_gif0="10.0.0.50 10.0.0.51"
ifconfig_gif0="inet 192.168.2.249 192.168.3.212 netmask 255.255.255.0"
static_routes="0"
route_0="-net 192.168.3.0 192.168.3.212 -netmask 255.255.255.0"
ipsec_enable="YES"

I am trying to limit the traffic in the tunnel via gif0:

ipfw pipe 10 config bw 33600bit/s out
ipfw queue 1 config pipe 10 weight 50
ipfw add 60100 queue 1 tcp from any 540 to any via gif0

No packets match this rule at all; tcpdump on gif0 is silent. Apparently the IPsec packets do not reach ipfw and go straight into the tunnel. Searching the Internet has not brought the expected results.

In OpenBSD there is a special device, "enc", intended specifically for this purpose (all traffic passes through it before entering the tunnel). Can this really not be done on FreeBSD? Has anybody solved similar tasks? I shall be grateful for any information!

Kot.

PS: I am sorry for my bad English.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
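An added example, not part of Konstantin's post and not a FreeBSD script: the two SAs in the posted IPSEC.CONF are manually keyed with the placeholder strings "123456789012345678901234" and "12345678901234567890". The POSIX sh script below generates random keys of the lengths those algorithms require (24 bytes for 3des-cbc, 20 bytes for hmac-sha1, a separate pair per direction) and emits a setkey(8) script with the same addresses, SPIs and policies as the post. The function names and the use of od(1) on /dev/urandom are my assumptions; the addresses and SPIs are taken from the post.

```shell
#!/bin/sh
# Added example (not from the original post). Assumptions: od(1) and
# /dev/urandom are available; the gateway/network addresses and SPIs
# are the ones from the posted IPSEC.CONF.

# Print N random bytes as a setkey hex key literal (0x...).
rand_key_hex() {
    nbytes="$1"
    printf '0x%s' "$(od -An -tx1 -N "$nbytes" /dev/urandom | tr -d ' \n')"
}

# Emit a setkey script for one tunnel-mode ESP SA pair plus its policies.
# Usage: make_setkey_conf LOCAL_GW REMOTE_GW LOCAL_NET REMOTE_NET SPI_OUT SPI_IN
make_setkey_conf() {
    lgw="$1"; rgw="$2"; lnet="$3"; rnet="$4"; spi_out="$5"; spi_in="$6"
    # 3des-cbc takes a 192-bit (24-byte) key, hmac-sha1 a 160-bit (20-byte)
    # key. Each direction gets its own encryption and authentication key.
    e_out=$(rand_key_hex 24); a_out=$(rand_key_hex 20)
    e_in=$(rand_key_hex 24); a_in=$(rand_key_hex 20)
    cat <<EOF
flush;
spdflush;
add $lgw $rgw esp $spi_out -m tunnel -E 3des-cbc $e_out -A hmac-sha1 $a_out;
add $rgw $lgw esp $spi_in -m tunnel -E 3des-cbc $e_in -A hmac-sha1 $a_in;
spdadd $lnet $rnet any -P out ipsec esp/tunnel/$lgw-$rgw/require;
spdadd $rnet $lnet any -P in ipsec esp/tunnel/$rgw-$lgw/require;
EOF
}

# Sanity check of a generated script: both "add" lines must carry a
# 48-hex-digit 3des-cbc key and a 40-hex-digit hmac-sha1 key.
# Returns 0 when both SAs are well formed, 1 otherwise.
check_setkey_conf() {
    n=$(printf '%s\n' "$1" | grep -c -E \
        '^add .* -E 3des-cbc 0x[0-9a-f]{48} -A hmac-sha1 0x[0-9a-f]{40};$' || true)
    [ "$n" -eq 2 ]
}

# Same endpoints, networks and SPIs as the posted configuration.
conf=$(make_setkey_conf 10.0.0.50 10.0.0.51 192.168.2.0/24 192.168.3.0/24 0x10050 0x10051)
check_setkey_conf "$conf" && printf '%s\n' "$conf"
```

Manual keying means the same keys must be installed on both gateways, so the generated file has to be copied to the peer (over a channel other than the tunnel it keys) and kept readable by root only on both sides; on the peer the two "add" lines are identical but the "-P out"/"-P in" policies swap places.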