Date: Thu, 14 Sep 2000 01:48:27 -0400
From: Matthew Hagerty <mhagerty@voyager.net>
To: freebsd-net@FreeBSD.ORG
Subject: To finish this VPN configuration...?
Message-ID: <4.3.2.7.2.20000914012505.00c27580@pop3.venux.net>

Greetings,
If this belongs in security (or even questions) my apologies, it seemed
appropriate for net...
I am trying to get a simple VPN between two gateways configured but there
seems to be a lack of examples on doing this with FreeBSD. What I have so
far is this:
Added to the kernel:

    options IPSEC
    options IPSEC_ESP

Set:

    sysctl -w net.inet6.ip6.forwarding=1

Checked out the example in the handbook for an IP4 tunnel config, something
like this:
                     ======= AH =======
                     |                |
 Network-A       Gateway-A        Gateway-B        Network-B
10.0.1.0/24 ---- 172.16.0.1 ----- 172.16.0.2 ---- 10.0.2.0/24
So I entered the setkey parameters like the example, replacing the
172.16.0.x addresses with the real external IP addresses of the two hosts.
# setkey -c <<EOF
spdadd 10.0.1.0/24 10.0.2.0/24 any -P out ipsec
ah/tunnel/172.16.0.1-172.16.0.2/require ;
.
.
.
EOF
At this point I was hoping the _magic_ would happen and I would be able to
ping 10.0.2.1 from the 10.0.1.1 network and vice-versa. Of course it
didn't happen.
Any insight as to what might be missing or still left unconfigured would be
greatly appreciated. Every reference I find on IPSec and VPN immediately
goes into talk about security and seems to leave out a few details about
the actual configuration. I can't help but think that there has to be some
route configuration in there somewhere, etc...
Thanks,
Matthew
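
Added example (not part of the original message, and not FreeBSD project code): setkey policies are directional, and a `require`-level policy only passes traffic once a matching SA exists, installed either by `add` statements or by a key management daemon. This Python script audits setkey input for both conditions; its regexes cover only the tunnel-mode syntax shown above, and the second sample's mirrored policy, SPIs and keys are constructed placeholders.

```python
import re

# spdadd <src> <dst> <upper> -P <in|out> ipsec <proto>/tunnel/<a>-<b>/<level> ;
POLICY_RE = re.compile(
    r"\bspdadd\s+(\S+)\s+(\S+)\s+\S+\s+-P\s+(in|out)\s+ipsec\s+"
    r"(ah|esp)/tunnel/([^-\s/]+)-([^/\s]+)/(\w+)\s*;")
# add <src> <dst> <proto> <spi> ...   (\b keeps "spdadd" from matching)
SA_RE = re.compile(r"\badd\s+(\S+)\s+(\S+)\s+(ah|esp)(?:-old)?\s+\S+")

def parse(text):
    """Return (policies, sas) found in setkey input."""
    flat = " ".join(text.split())  # a statement may span lines; it ends at ';'
    policies = {(m[3], m[1], m[2], m[4], m[5], m[6], m[7])
                for m in POLICY_RE.finditer(flat)}
    sas = {(m[1], m[2], m[3]) for m in SA_RE.finditer(flat)}
    return policies, sas

def audit(text):
    """List policies lacking a mirrored policy or a manually keyed SA."""
    policies, sas = parse(text)
    findings = []
    for direction, src, dst, proto, a, b, level in sorted(policies):
        mirror = "in" if direction == "out" else "out"
        if (mirror, dst, src, proto, b, a, level) not in policies:
            findings.append(f"no mirrored -P {mirror} policy for {src} -> {dst}")
        if level == "require" and (a, b, proto) not in sas:
            findings.append(f"no {proto} SA in this input for {a} -> {b}")
    return findings

# Constructed input: only the statement visible in the message above.
FRAGMENT = """
spdadd 10.0.1.0/24 10.0.2.0/24 any -P out ipsec
  ah/tunnel/172.16.0.1-172.16.0.2/require ;
"""

# Constructed input: both directions plus manual SAs; SPIs and keys are placeholders.
PAIRED = FRAGMENT + """
spdadd 10.0.2.0/24 10.0.1.0/24 any -P in ipsec
  ah/tunnel/172.16.0.2-172.16.0.1/require ;
add 172.16.0.1 172.16.0.2 ah 0x10003 -m tunnel -A hmac-md5 "PLACEHOLDER-KEY1" ;
add 172.16.0.2 172.16.0.1 ah 0x10004 -m tunnel -A hmac-md5 "PLACEHOLDER-KEY2" ;
"""

if __name__ == "__main__":
    for name, cfg in (("fragment", FRAGMENT), ("paired", PAIRED)):
        print(name, audit(cfg) or "ok")
```

The same audit applies on the peer gateway with the directions swapped, since each side keeps its own policy and SA databases.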
