From: David McKenzie
To: freebsd-questions@freebsd.org
Date: Tue, 12 Aug 2003 14:08:01 -0400
Subject: VPN: Network to Host to Internet

Hello,

I have two FreeBSD boxes running 5.0 with IPsec enabled and racoon installed. This is what I am trying to do:

| internal | -------> [FreeBSD gateway] ----> (internet) -----> [FreeBSD host] -------> internet

I'd like to encapsulate all IP traffic from my internal network at my apartment (192.168.1.0/24) through my cable modem to a FreeBSD box at school, and then off to the internet. I don't want any traffic to go directly to the internet -- I'd like to use IPsec to encrypt all traffic to the host at school before reaching the internet. At this time, I'm not concerned with using racoon for IKE, as I haven't had much luck getting it to work in the past.

I am willing to use static keys for the time being using the 'setkey' command, but I'm not sure how to set everything up, as the only documentation I can find is host to host or network to network, but not network to host to internet. Has anyone implemented IPsec in this fashion? Some pointers to documentation I may have missed would be appreciated, as well as some explanation on how to set up the tunnels and routes to make this scenario a reality.

Thanks,
David
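A static-key setkey(8) configuration for the topology described above, added here as an illustration and not part of David's message or any reply. The public addresses 203.0.113.10 (apartment gateway) and 198.51.100.20 (school host), the SPIs and the keys are assumed placeholders; the school host additionally needs IP forwarding and NAT for 192.168.1.0/24 so packets leaving the tunnel get a public source address and replies are translated back before hitting the SPD.

```conf
# Loaded on BOTH boxes with: setkey -f /etc/ipsec.conf
# Assumed addresses (placeholders, not taken from the message):
#   203.0.113.10   gateway's cable-modem (public) address
#   198.51.100.20  FreeBSD host at school (public) address
#   192.168.1.0/24 internal network behind the gateway
flush;
spdflush;

# One tunnel-mode SA per direction, identical on both ends.
# Keys below are constructed sample values; replace them with fresh random
# material (rijndael-cbc: 16 bytes, hmac-sha1: 20 bytes) and keep the file
# readable only by root.
add 203.0.113.10 198.51.100.20 esp 0x10001 -m tunnel
    -E rijndael-cbc 0x0123456789abcdef0123456789abcdef
    -A hmac-sha1 0x0123456789abcdef0123456789abcdef01234567;
add 198.51.100.20 203.0.113.10 esp 0x10002 -m tunnel
    -E rijndael-cbc 0xfedcba9876543210fedcba9876543210
    -A hmac-sha1 0xfedcba9876543210fedcba9876543210fedcba98;

# --- Apartment gateway policy ---
# Everything the internal network sends, to any destination, must leave
# through the tunnel; anything addressed back to it must have arrived through
# it ("require" drops matching traffic that has no SA).
spdadd 192.168.1.0/24 0.0.0.0/0 any -P out ipsec
    esp/tunnel/203.0.113.10-198.51.100.20/require;
spdadd 0.0.0.0/0 192.168.1.0/24 any -P in ipsec
    esp/tunnel/198.51.100.20-203.0.113.10/require;

# --- School host policy (same two rules, directions swapped) ---
# Use these instead of the two spdadd lines above on the school box.
# spdadd 0.0.0.0/0 192.168.1.0/24 any -P out ipsec
#     esp/tunnel/198.51.100.20-203.0.113.10/require;
# spdadd 192.168.1.0/24 0.0.0.0/0 any -P in ipsec
#     esp/tunnel/203.0.113.10-198.51.100.20/require;
```

The gateway's own ESP packets are sourced from 203.0.113.10, so they do not match the 192.168.1.0/24 policy and go straight out the cable modem; `setkey -D` and `setkey -DP` show the installed SAs and policies for checking.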