David DeSimone wrote:
Brian Candler <[EMAIL PROTECTED]> wrote:
Ah, I guess this means you're following the instructions in the
FreeBSD handbook, which last time I looked gave a most bizarre and
unnecessary way of setting up IPSEC (GIF tunneling running on top of
IPSEC *tunnel* mode). I raised it on this list before.
I ran into the same thing when analyzing the handbook's examples, and
quickly abandoned the handbook when writing my own configs.
Most people are better off just setting up IPSEC tunnel mode. A few
use GIF running on top of IPSEC _transport_ mode (e.g. those running
routing protocols like OSPF over tunnels).
The main reason to use IPSEC tunnel mode and avoid GIF is that such a
config is interoperable with other IPSEC implementations (Cisco,
Checkpoint, etc), and thus is much more useful in the real world.
--
David DeSimone == Network Admin == [EMAIL PROTECTED]
OK that said, how do you create a network to network tunnel based VPN
without using the gif or gre devices?
I have been trying to link up 2 networks between two VPN gateways and I have
kind of given up, all the examples out there use a gif tunnel or a gre
tunnel.
I simply haven't been able to work out the routes or how to make
ipsec-tools trigger based on seeing interesting traffic; it's using a
preshared key configuration.
I have been using the typical ipsec.conf settings that most examples
give for tunnel configurations but still no luck.
At first I thought it was a NAT-T problem as the reason the IKE wasn't
kicking in, but after testing with pure internet IPs and no NAT I
realized it wasn't that.
If I could just have an example to look at I think it could really help.
Thanks
Mike
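
For the question above, a sketch of a network-to-network tunnel-mode setup with ipsec-tools and no gif or gre device. This is an added example, not configuration posted in the thread or taken from the FreeBSD handbook; the addresses are constructed documentation ranges, and the file paths and algorithm choices are assumptions that both peers must agree on.

```conf
# ---- /etc/ipsec.conf on gateway A (loaded with: setkey -f /etc/ipsec.conf) ----
# Constructed addresses: A = 192.0.2.1    (LAN 10.1.0.0/24)
#                        B = 198.51.100.1 (LAN 10.2.0.0/24)
flush;
spdflush;
# LAN-to-LAN traffic leaving A must go through an ESP tunnel A -> B.
# A packet that matches this policy while no SA exists makes the kernel
# ask racoon to negotiate one; this is the "interesting traffic" trigger.
spdadd 10.1.0.0/24 10.2.0.0/24 any -P out ipsec
    esp/tunnel/192.0.2.1-198.51.100.1/require;
# Mirror policy for the return direction (tunnel endpoints reversed).
spdadd 10.2.0.0/24 10.1.0.0/24 any -P in ipsec
    esp/tunnel/198.51.100.1-192.0.2.1/require;

# ---- racoon.conf on gateway A (path below is an assumed install location) ----
path pre_shared_key "/usr/local/etc/racoon/psk.txt";
# psk.txt holds one line, "198.51.100.1 <shared-secret>", and must be
# readable only by root (mode 0600) or racoon will not use it.

remote 198.51.100.1 {
    exchange_mode main;
    proposal {
        encryption_algorithm aes;
        hash_algorithm sha256;
        authentication_method pre_shared_key;
        dh_group modp2048;
    }
}

# The phase 2 selector must match the spdadd source and destination.
sainfo address 10.1.0.0/24 any address 10.2.0.0/24 any {
    pfs_group modp2048;
    encryption_algorithm aes;
    authentication_algorithm hmac_sha256;
    compression_algorithm deflate;
}
```

Gateway B uses the same two files with the A and B addresses swapped, so its `out` policy is A's `in` policy. Test from a host on the LAN, or with `ping -S 10.1.0.1 10.2.0.1` on the gateway (10.1.0.1 being its assumed LAN address), because traffic sourced from the gateway's public address does not match the policy and never triggers IKE.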