Date: Fri, 30 Aug 2002 23:50:09 +0200
From: ahb@ahb.net
To: freebsd-security@freebsd.org
Subject: Cisco <-> FreeBSD / Kame / Raccon Ipsec Interoperabilty
Message-ID: <3D7004B1.4052.750D3BD@localhost>

Hi!

Perhaps a bit off topic on this list, but perhaps one of you guys has an answer to the following question.

I have two sites. One is running a cisco router and a second that has a FreeBSD box with a DSL dialup line. Behind both boxes is a LAN that I would like to connect together with an ipsec tunnel. The cisco router is not under my control and perhaps everything would be fine if the cisco router would not assign the unencrypted end of the tunnel from a pool of a class "C" network.

So I have basically the following configuration:

    10.1/16 Private LAN "A"
        |
    FreeBSD box
        |
    Some dynamic IP from the dialup provider
        |
    Internet
        |
    1.2.3.4 Fixed IP on the public end of the cisco
        |
    cisco
        |
    10.2.1/24 dynamic assigned IP
        |
    Some other firewall stuff here and the LAN behind it

The configuration is normally used as a dialin pool for home office PCs, but there are some guys that do have a working dialup LAN on their home office rather than a single PC.

So setting up the public side of the gif interface is a piece of cake. The dynamic IP is assigned during the setup of the IPsec connection. What I could not find out until now is how to set up the private part of the gif interface.

Usually one would have to use:

    ifconfig <src-priv> <dest-priv> netmask <netmask>

But since the dest-priv address is assigned during the tunnel setup, I could not figure out how to configure the private destination address. Also, it would be a question how the setkey parameters for the spdadd have to be, as I would need this destination address there as well.

So if someone has this kind of setup in use, could you please send me the scripts? Or if someone has an idea where to start searching, this would be nice as well. I have been searching the internet for nearly two days now, but I could not find an answer for this.

I forgot to mention that the FreeBSD box is running 4.2. If this is too old, it would not hurt to upgrade it to some newer version.

Thanks in advance

Achim