Dunno if this belongs to net or security but...
I've established a tunnel between my home FreeBSD host and a corporate
OpenBSD firewall. This works just fine. Well, works, but not good enough.
Specs:
home:
FreeBSD 4.5
IPF
pub-ip: 130.236.218.63
priv-net: 192.168.2.0/24
office:
OpenBSD 3.0-stable
PF
pub-ip: 213.88.128.16
priv-net: 10.0.0.0/24
I think I have this somewhat going. If I launch isakmpd at both ends,
I can see this at OpenBSD box:
# netstat -rn
[...]
Source        Port  Destination   Port  Proto SA(Address/Proto/Type/Direction)
192.168.2/24  0     10.0.0/24     0     0     130.236.218.63/50/use/in
10.0.0/24     0     192.168.2/24  0     0     130.236.218.63/50/require/out
However, on the FreeBSD side, netstat -rn won't show anything about
10.0.0.0/24. Maybe Encap routes won't show in the ordinary routing table
on FreeBSD?
Well, anyways, this works just fine. From 192.168.2.0/24 I can ping to
10.0.0.0/24 and vice versa. Both the private networks can communicate just
fine. However, there is one thing that won't work. Probably this is a
by-design thing, but I still want it to work =)
From either the OpenBSD or FreeBSD box, I am unable to reach the private
net behind the other IPSec node. I.e., from the FreeBSD box, I cannot reach
10.0.0.0/24. And from the OpenBSD box, I cannot reach 192.168.2.0/24.
How come?
--
Rickard Borgmäster
[EMAIL PROTECTED]
http://doktorn.sub.nu/
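As an added example, not part of Rickard's post: a small Python model of how the Encap flows in the OpenBSD output are matched against a packet's source and destination. A packet from one private subnet to the other matches a flow, while a packet sourced from the gateway's own public address (213.88.128.16, the OpenBSD box) matches neither flow and would leave the box unencapsulated. The table text is a constructed copy of the post's netstat output with whitespace normalised, and the matching function is a simplification of the kernel's flow lookup (first match on direction plus src/dst selectors).

```python
import ipaddress

# Constructed copy of the two Encap flows shown in the post's
# "netstat -rn" output (whitespace normalised so each row splits cleanly).
ENCAP_TABLE = """\
192.168.2/24 0 10.0.0/24 0 0 130.236.218.63/50/use/in
10.0.0/24 0 192.168.2/24 0 0 130.236.218.63/50/require/out
"""


def _pad_prefix(prefix):
    """netstat prints '10.0.0/24'; ipaddress wants '10.0.0.0/24'."""
    addr, plen = prefix.split("/")
    octets = addr.split(".")
    return ".".join(octets + ["0"] * (4 - len(octets))) + "/" + plen


def parse_flows(text):
    """Parse 'Source Port Destination Port Proto SA' rows into dicts."""
    flows = []
    for line in text.splitlines():
        src, _sport, dst, _dport, _proto, sa = line.split()
        peer, ip_proto, level, direction = sa.split("/")
        flows.append({
            "src": ipaddress.ip_network(_pad_prefix(src)),
            "dst": ipaddress.ip_network(_pad_prefix(dst)),
            "peer": peer,            # remote IPsec endpoint
            "proto": ip_proto,       # 50 = ESP
            "level": level,          # use / require
            "direction": direction,  # in / out
        })
    return flows


def match_flow(flows, src_ip, dst_ip, direction):
    """Return the first flow whose selectors cover the packet, else None.

    Simplified model: a real SPD lookup also considers ports/protocol,
    but the flows here carry 0 (any) for those fields.
    """
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for f in flows:
        if f["direction"] == direction and s in f["src"] and d in f["dst"]:
            return f
    return None
```

Running `match_flow` with the gateway's public address as the source returns None, which is why traffic originated on the firewall itself is not carried by these flows even though the private subnets can reach each other.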