Re: VPN traffic leaks in IPv6/IPv4 dual-stack networks/hosts

On 11/27/2012 11:29 AM, Seth Mos wrote: >> >> For a project such as OpenVPN, a (portable) fix might be non-trivial. >> However, I guess FreeBSD might hook some PF rules when establishing the >> VPN tunnel, such that e.g. all v6 traffic is filtered (yes, this is >> certainly not the most desirable f

Re: VPN traffic leaks in IPv6/IPv4 dual-stack networks/hosts

Op 27-11-2012 14:58, Fernando Gont schreef: > Folks, > > FYI. This is might affect FreeBSD users employing e.g. OpenVPN: > . > > For a project such as OpenVPN, a (portable) fix might be non-trivial. > However, I guess FreeBSD might hook so

Re: vpn trouble

On 6/22/2010 3:55 PM, r...@dzie-ciuch.pl wrote: I managed to do an IP in IP tunnel with IPsec encryption between a FreeBSD and a cisco router running 12.1(mumble) several years ago. It is a desirable option if you want to use routing (e.g. ospf). You can't route an IPSec tunnel (actually, is th

Re: vpn trouble

But its working!! Ralf On Wed, 23 Jun 2010 13:34:52 +0200, Maciej Suszko wrote: > wrote: >> >> Hmmm, >> >> Maybe I do some error using gateway 10.20.0.1? >> Maybe I have to set something in route to network 10.10.1.x go >> throught gif0 interface? > > First of all, find out what the other

Re: vpn trouble

Thanks guys it's working. I couldn't ping 10.10.1.90 (external network) but they could ping me. I got another question: How to set another tunnel to me host like: 10.20.0.1 (my gif0) --> 78.x.x.x (my bce1) <---> 78.y.y.y <--> 10.20.1.1 I copy 2 lines (with changing ip's) so now i got 4 lines

Re: vpn trouble

wrote: > > Hmmm, > > Maybe I do some error using gateway 10.20.0.1? > Maybe I have to set something in route to network 10.10.1.x go > throught gif0 interface? First of all, find out what the other side configuration is. My configuration was only proposal. -- regards, Maciej Suszko. _

Re: vpn trouble

Hmmm, Maybe I do some error using gateway 10.20.0.1? Maybe I have to set something in route to network 10.10.1.x go throught gif0 interface? Ralf On Wed, 23 Jun 2010 10:58:31 +0200, VANHULLEBUS Yvan wrote: > On Wed, Jun 23, 2010 at 10:52:19AM +0200, r...@dzie-ciuch.pl wrote: > [] >> When

Re: vpn trouble

On Wed, Jun 23, 2010 at 10:52:19AM +0200, r...@dzie-ciuch.pl wrote: [] > When on one console i type tcpdump -i gif0 I don't receive any values! > So I thing I should set route do it right? > > Can you tell me how to do it? > > netstat -rn print something like this: > DestinationGatewa

Re: vpn trouble

> > Looks like, but if you still can't ping, you still have an issue > somewhere :-) > > First, check that you now have ESP packets going out from your IPsec > gate when you try to ping. > > > Then, usual issues at that step are: > > - something on the way blocks ESP packets. Solution may be

Re: vpn trouble

On Wed, Jun 23, 2010 at 10:37:18AM +0200, r...@dzie-ciuch.pl wrote: [...] > > Do you also have later some logs like: > > : INFO : IPsec-SA established: ESP/Tunnel > > > > Yes I got: > > 2010-06-23 10:18:06: DEBUG: pfkey UPDATE succeeded: ESP/Tunnel > 95.x.x.x[0]->78.x.x.x[0] spi=224712000(0xd6

Re: vpn trouble

On Wed, 23 Jun 2010 10:32:29 +0200, VANHULLEBUS Yvan wrote: > On Wed, Jun 23, 2010 at 10:28:48AM +0200, r...@dzie-ciuch.pl wrote: >> Ok I found that my psk.txt has got wrong permissions > > Yes, we'll have to set up a more explicit error message when psk file > has wrong permissions. Ok. I

Re: vpn trouble

On Wed, Jun 23, 2010 at 10:28:48AM +0200, r...@dzie-ciuch.pl wrote: > Ok I found that my psk.txt has got wrong permissions Yes, we'll have to set up a more explicit error message when psk file has wrong permissions. > Now I can get SAD keys! > > ISAKMP-SA established 78.x.x.x[500]-95.x.x.x[

Re: vpn trouble

Ok I found that my psk.txt has got wrong permissions Now I can get SAD keys! ISAKMP-SA established 78.x.x.x[500]-95.x.x.x[500] spi:8a8881ee5182cbfb:53dab6ad5a65629d But one thing - why can't I ping 10.10.1.90? Regards Ralf On Wed, 23 Jun 2010 10:05:55 +0200, VANHULLEBUS Yvan wrote: > On Wed

Re: vpn trouble

On Wed, Jun 23, 2010 at 09:53:56AM +0200, r...@dzie-ciuch.pl wrote: > > Hi, Hi. > I set everything like you wrote and I can send and receice packets but > still I can't ping to host 10.10.1.90, > and when I type #setkey -D there is no SAD entry > > What could it be? > > This is part of racoon

Re: vpn trouble

Hi, I set everything like you wrote and I can send and receice packets but still I can't ping to host 10.10.1.90, and when I type #setkey -D there is no SAD entry What could it be? This is part of racoon log: Jun 23 09:43:57 czesio racoon: DEBUG: === Jun 23 09:43:57 czesio racoon: DEBUG: comp

Re: vpn trouble

Hi. On Tue, Jun 22, 2010 at 07:08:19PM +0200, Maciej Suszko wrote: [] > Set up a gif tunnel in rc.conf: > > cloned_interfaces="gif0" > ifconfig_gif0="tunnel 78.x.x.x 95.x.x.x" > ifconfig_gif0_alias0="10.20.0.1 netmask 255.255.255.255 10.10.1.90" > > 10.20.0.1 is your internal end of the tunn

Re: vpn trouble

wrote: > I forgot send last time - on the other side is cisco router ... Perhaps vpnc would be easier to set up than raccoon? ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail t

Re: vpn trouble

> > I managed to do an IP in IP tunnel with IPsec encryption between a > FreeBSD and a cisco router running 12.1(mumble) several years ago. > > It is a desirable option if you want to use routing (e.g. ospf). You > can't route an IPSec tunnel (actually, is this now possible with enc0 > inter

Re: vpn trouble

On 6/22/2010 2:22 PM, David DeSimone wrote: Maciej Suszko wrote: So as you write they should set: ?? 10.20.0.1 (my ip on gif device)<-> 78.x<-> 95.x<-> 10.10.1.90 (other side) Yes, indeed. And additionaly I thing I should correct set spd policy to: spdadd 10.20.0.1 10.10.1.90 any -P o

Re: vpn trouble

"David DeSimone" wrote: > Maciej Suszko wrote: > > > > > So as you write they should set: ?? > > > 10.20.0.1 (my ip on gif device) <-> 78.x <-> 95.x <-> 10.10.1.90 > > > (other side) > > > > Yes, indeed. > > > > > And additionaly I thing I should correct set spd policy to: > > > > > > spdadd 1

Re: vpn trouble

Thanks guys, I try it tomorrow and I send you is it works or not. Regards Ralf On Tue, 22 Jun 2010 20:26:36 +0200, Maciej Suszko wrote: > wrote: >> >> Hi, >> >> I try to set VPN like I wrote earlier. >> 78.x is server and this is not NAT. He dont forward anything. >> >> >> I try to configur

Re: vpn trouble

wrote: > > Hi, > > I try to set VPN like I wrote earlier. > 78.x is server and this is not NAT. He dont forward anything. > > >> I try to configure VPN over my server and my client > >> > >> Sheme is like this > >> 78.x.x.x <--> 95.x.x.x <--> 10.10.1.90 > > > > Are you trying to set up IPSEC

Re: vpn trouble

Maciej Suszko wrote: > > > So as you write they should set: ?? > > 10.20.0.1 (my ip on gif device) <-> 78.x <-> 95.x <-> 10.10.1.90 > > (other side) > > Yes, indeed. > > > And additionaly I thing I should correct set spd policy to: > > > > spdadd 10.20.0.1 10.10.1.90 any -P out ipsec > > esp/tu

Re: vpn trouble

r...@dzie-ciuch.pl wrote: > > >> 78.x.x.x <--> 95.x.x.x <--> 10.10.1.90 > > I try to set VPN like I wrote earlier. > 78.x is server and this is not NAT. He dont forward anything. > > I try to set tunnel behing my server 78.x and gateway 95.x translating > packets to 10.x. I can only set 78.x si

Re: vpn trouble

wrote: > > > >> Hmmm, aggressive mode wasn't help :( > >> Still I got only negotiation, so I try to send packets but I don't > >> receive it at all. > >> > >> On my server 78.x.x.x I got ipfw allow all from any to any. > >> On the other side 95.x.x.x they tell me that they do it everything > >>

Re: vpn trouble

>> Hmmm, aggressive mode wasn't help :( >> Still I got only negotiation, so I try to send packets but I don't >> receive it at all. >> >> On my server 78.x.x.x I got ipfw allow all from any to any. >> On the other side 95.x.x.x they tell me that they do it everything >> right - only I can't conn

Re: vpn trouble

Hi, I try to set VPN like I wrote earlier. 78.x is server and this is not NAT. He dont forward anything. >> I try to configure VPN over my server and my client >> >> Sheme is like this >> 78.x.x.x <--> 95.x.x.x <--> 10.10.1.90 > > Are you trying to set up IPSEC tunneling of networks behind the

Re: vpn trouble

wrote: > > Hmmm, aggressive mode wasn't help :( > Still I got only negotiation, so I try to send packets but I don't > receive it at all. > > On my server 78.x.x.x I got ipfw allow all from any to any. > On the other side 95.x.x.x they tell me that they do it everything > right - only I can't co

Re: vpn trouble

r...@dzie-ciuch.pl wrote: > > I try to configure VPN over my server and my client > > Sheme is like this > 78.x.x.x <--> 95.x.x.x <--> 10.10.1.90 Are you trying to set up IPSEC tunneling of networks behind these gateways, or are you only trying to secure traffic between the peers themselves? Th

Re: vpn trouble

Hmmm, aggressive mode wasn't help :( Still I got only negotiation, so I try to send packets but I don't receive it at all. On my server 78.x.x.x I got ipfw allow all from any to any. On the other side 95.x.x.x they tell me that they do it everything right - only I can't connect :( Maybe I don't

Re: vpn trouble

On Tue, Jun 22, 2010 at 05:11:58PM +0200, r...@dzie-ciuch.pl wrote: > > Hi, > > Thanks for help > > I new on it and I never use VPN, only I have to do it. > Please tell me how to check peer's log? I dont know how to check it? If that's really a firewall-1 as said in comments, I just don't know.

Re: vpn trouble

Hi, Thanks for help I new on it and I never use VPN, only I have to do it. Please tell me how to check peer's log? I dont know how to check it? Have I change my racoon.conf exchange to aggressive, main? I forgot send last time - on the other side is cisco router, maybe this is important Regar

Re: vpn trouble

On Tue, Jun 22, 2010 at 03:59:50PM +0200, r...@dzie-ciuch.pl wrote: > > Hi, Hi. > I try to configure VPN over my server and my client [] According to your racoon's debug (and confirmed by tcpdump), racoon tries to initiate a phase1 negociation, but never gets any answer from peer, so you m

Re: VPN with FAST_IPSEC and ipsec tools

David DeSimone wrote: - -- David DeSimone == Network Admin == [EMAIL PROTECTED] I got it going! Its working like a dream now. I don't have a for sure reason why it wasn't working but my best guess is it was one that actually boiled down to a silly mistake as you suggested. I feel quite si

Re: VPN with FAST_IPSEC and ipsec tools

David DeSimone wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David DeSimone <[EMAIL PROTECTED]> wrote: Hmm... In examining my kernel configuration I found these options: options IPSEC options IPSEC_ESP options IPSEC_DEBUG # options IPSEC_FILTERGIF # opt

Re: VPN with FAST_IPSEC and ipsec tools

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David DeSimone <[EMAIL PROTECTED]> wrote: > > Hmm... In examining my kernel configuration I found these options: > > options IPSEC > options IPSEC_ESP > options IPSEC_DEBUG > # options IPSEC_FILTERGIF > # options F

Re: VPN with FAST_IPSEC and ipsec tools

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael Vince <[EMAIL PROTECTED]> wrote: > > After reloading ipsec and racoon I tried to do a traceroute from a > client behind the local gateway to a client behind the remote gateway, > it went off and did a typical traceroute through the gateway out

Re: VPN with FAST_IPSEC and ipsec tools

David DeSimone wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael Vince <[EMAIL PROTECTED]> wrote: The main reason to use IPSEC tunnel mode and avoid GIF is that such a config is interoperable with other IPSEC implementations, and thus is much more useful in the real world.

Re: VPN with FAST_IPSEC and ipsec tools

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael Vince <[EMAIL PROTECTED]> wrote: > > > The main reason to use IPSEC tunnel mode and avoid GIF is that such > > a config is interoperable with other IPSEC implementations, and thus > > is much more useful in the real world. > > OK that said, how

Re: VPN with FAST_IPSEC and ipsec tools

David DeSimone wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brian Candler <[EMAIL PROTECTED]> wrote: Ah, I guess this means you're following the instructions in the FreeBSD handbook, which last time I looked gave a most bizarre and unnecessary way of setting up IPSEC (GIF tunneling

Re: VPN with FAST_IPSEC and ipsec tools

On 2006-06-16 12:02, Doug Barton <[EMAIL PROTECTED]> wrote: > David DeSimone wrote: > > I ran into the same thing when analyzing the handbook's examples, and > > quickly abandoned the handbook when writing my own configs. > > Those who are more knowledgeable on this topic might want to > consider w

Re: VPN with FAST_IPSEC and ipsec tools

Brian Candler wrote: On Fri, Jun 16, 2006 at 01:43:54PM +1000, Michael Vince wrote: I have setup the GRE tunneling and that is working fine doing pings and tracerts when I disable ipsec and ipsec-tools, its just the encryption side thats the problem. Ah, I guess this means you're f

Re: VPN with FAST_IPSEC and ipsec tools

David DeSimone wrote: > I ran into the same thing when analyzing the handbook's examples, and > quickly abandoned the handbook when writing my own configs. Those who are more knowledgeable on this topic might want to consider writing an update, or an entirely new section for this. You don't need

Re: VPN with FAST_IPSEC and ipsec tools

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brian Candler <[EMAIL PROTECTED]> wrote: > > Ah, I guess this means you're following the instructions in the > FreeBSD handbook, which last time I looked gave a most bizarre and > unnecessary way of setting up IPSEC (GIF tunneling running on top of > I

Re: VPN with FAST_IPSEC and ipsec tools

On Fri, Jun 16, 2006 at 01:43:54PM +1000, Michael Vince wrote: > I have setup the GRE tunneling and that is working fine doing pings and > tracerts when I disable ipsec and ipsec-tools, its just the encryption > side thats the problem. Ah, I guess this means you're following the instructions in

Re: VPN when host is not gateway

On Thu, 2006-01-26 at 23:50 +, Nate Nielsen wrote: > > So, my questions is this: How I make this route? > > I guess either with the 'route' command or by running a routing protocol > like RIP or OSPF. Thank you, but I can do this: I make this route at my FreeBSD gateway: cat /usr/local/etc

Re: VPN when host is not gateway

Tiago Cruz wrote: > On Mon, 2006-01-23 at 20:49 +, Nate Nielsen wrote: > > >>I'd use tcpdump on the various interfaces (tap devices, ethernet) on the >>machines in question to see exactly at which host is not forwarding the >>packets properly and where they're going. > > > Thank you Nielsen

Re: VPN when host is not gateway

On Mon, 2006-01-23 at 20:49 +, Nate Nielsen wrote: > I'd use tcpdump on the various interfaces (tap devices, ethernet) on the > machines in question to see exactly at which host is not forwarding the > packets properly and where they're going. Thank you Nielsen! I'm not expert in art of tcpdu

Re: VPN when host is not gateway

Tiago Cruz wrote: > If I install the VPN in my gateway (192.168.0.1), the laptop client host > (Windows XP) is able to ping my virtual server (10.8.0.1), my gateway > (192.168.0.1) and all my LAN (192.168.0.0/22). > > If I install the VPN in my gateway backup (192.168.0.253, with CARP), > the lapt

Re: vpn over ipsec question

> On Mon, 24 May 2004 09:22:08 +0700, > Muhammad Reza <[EMAIL PROTECTED]> said: > I try to configure vpn over ipsec between two FreeBSD (4.10PRERELEASE > and 5.1.p17) gateways. > My guidelines is from FreeBSD handbook, > Tunelling is workfine with gifconfig command, i can ping each inter

Re: VPN with FreeBSD using some form of encryption

Not sure if it helps your particular situation, but you might want to take a look at OpenVPN (/usr/ports/security/openvpn). It's an application layer VPN implementation (SSL) as opposed to IPSec, but seems to work well for dynamic IP addresses and endpoints behind NAT devices. Quite stable, as we

RE: VPN

> -Original Message- > From: Nikolay Petrov [mailto:[EMAIL PROTECTED]] > Sent: 22 November 2002 07:18 > To: [EMAIL PROTECTED]; Ian Watkinson > Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; > [EMAIL PROTECTED] > Subject: Re: VPN > > > Hello Ian, > > Thur

Re: VPN

this worked for me the last time I did it. http://stuff.adhesivemedia.com/freebsd/mpd.php On Thu, 21 Nov 2002, Ian Watkinson wrote: > Been looking at a number of how-to's on the web for connecting Win2k > clients to Freebsd as a VPN. > > However, despite carefully following them, I can't get any

Re: VPN Tunneling

On Wed, Oct 09, 2002 at 08:37:30AM -0600, Andy wrote: > > >On Wed, Oct 09, 2002 at 01:49:51PM +0300, Ivailo Tanusheff wrote: > >Hello, > > > >I'm trying to make a VPN tunnel between a FreeBSD machine and a Win2K > >Machine. My configuration is: > > > >{Net1} <---> <--...--> <---> {Net2} > > > >

Re: VPN Tunneling

>On Wed, Oct 09, 2002 at 01:49:51PM +0300, Ivailo Tanusheff wrote: >Hello, > >I'm trying to make a VPN tunnel between a FreeBSD machine and a Win2K >Machine. My configuration is: > >{Net1} <---> <--...--> <---> {Net2} > >Win2k machine has dynamically assigned IP address as it's connecting to >p

Re: VPN Tunneling

On Wed, Oct 09, 2002 at 01:49:51PM +0300, Ivailo Tanusheff wrote: > Hello, > > I'm trying to make a VPN tunnel between a FreeBSD machine and a Win2K > Machine. My configuration is: > > {Net1} <---> <--...--> <---> {Net2} > > Win2k machine has dynamically assigned IP address as it's connecting

Re: VPN / VLAN?

Kris Kirby wrote: >>What is required to make this work though is that you can get a few >>static IPs inside the 216.6.6.129/25 net (in your example) to relay. > > I'm a little confused by this. It's simple, really. At ISI, for example, we have the 128.9/16 subnet. We use a class C inside that b

Re: VPN / VLAN?

On Wed, 3 Apr 2002, Lars Eggert wrote: > We have a vtun setup (tethered.net) that does just that (relay the real > Internet to the inside of a NAT box) to support DARPA PI meetings. We're > currently documenting the thing and will put up a website with > descriptions and the config scripts. Ping m

Re: VPN / VLAN?

Kris Kirby wrote: > Let say I have a machine I want to attach to internet subnet > 216.6.6.129/25. But the machine is at my house, NAT'd from the world. So > to network the machine, I'd have to "bridge" across something like a VLAN > over an IPSEC tunnel. Is this right? Can it be done that way? Is

Re: "VPN Server" with NT Domain authentication?

Jason DiCioccio writes: > I'm trying to replace our current NT (PPTP) vpn with a FreeBSD VPN > with minimal impact. Is there any way to run a PPTP server using mpd and > have it authenticate against an NT domains (perhaps with PAM?). Or are > there any other packages I can use that will do

Re: Solution (RE: VPN client with mpd)

In article <[EMAIL PROTECTED]>, Garrett Wollman <[EMAIL PROTECTED]> wrote: > < said: > > > Oh. I haven't actually sniffed it, so I'll assume you're right. I > > apologize for the misinformation. > > Well, that's the situation as it was described upthread, and I > experienced something similar

Re: Solution (RE: VPN client with mpd)

< said: > Oh. I haven't actually sniffed it, so I'll assume you're right. I > apologize for the misinformation. Well, that's the situation as it was described upthread, and I experienced something similar when I was first setting up PPP dialups here. -GAWollman To Unsubscribe: send mail to

Re: Solution (RE: VPN client with mpd)

In article <[EMAIL PROTECTED]>, Garrett Wollman <[EMAIL PROTECTED]> wrote: > < said: > > > The trouble with this is that your password will be sent unencrypted > > across the Internet, very possibly hitting a sniffer or two along the > > way. It's better to insist on chap and fix the broken pee

Re: Solution (RE: VPN client with mpd)

< said: > The trouble with this is that your password will be sent unencrypted > across the Internet, very possibly hitting a sniffer or two along the > way. It's better to insist on chap and fix the broken peers. Actually, no: the other side, which considers itself a server, doesn't want to au

Re: Solution (RE: VPN client with mpd)

In article <[EMAIL PROTECTED]>, Lars Eggert <[EMAIL PROTECTED]> wrote: > > Thanks to Archie and Brian, I now have a working PPTP tunnel up. Here's > what I changed from the example vpn configuration included in the mpd > package in /usr/local/etc/mpd/mpd.conf, I thought I'd document this in > cas

Solution (RE: VPN client with mpd)

Thanks to Archie and Brian, I now have a working PPTP tunnel up. Here's what I changed from the example vpn configuration included in the mpd package in /usr/local/etc/mpd/mpd.conf, I thought I'd document this in case someone else runs accross the same problem: 1. Remove the "set iface addrs" lin

Re: VPN client with mpd

> Hi, > > I'm trying to set up a VPN client on my FreeBSD laptop, so I can tunnel > through to work from home. I've played with both mpd and pptpclient from > ports, and mpd seems more robust (pptpclient likes to sometimes start > eating all CPU time). So I'd decided to to this with mpd; please l

Re: VPN tunnel with DHCP ...

> Now, back to Gunther's request - could you do IPSec over PPP over TCP? But of course :-) You can even do NAT in this scenario if required - as the NAT will happen before the data is encapsulated in the tcp stream that ipsec's policies are mangling. > -- > Matt Emmerton -- Brian <[EMAIL PR

Re: VPN tunnel with DHCP ...

# This tread is being at three mailing list... > >> now, the problem is that the ${sohoip} is dynamically assigned > >> with DHCP. How can the gateway at the headquarter know that > >> ${sohoip} address? > I don't know whether this is actually possible to do yet. But, you > should be able to co

Re: VPN tunnel with DHCP ...

On Wed, 25 Apr 2001, Gunther Schadow wrote: > Hi, > > about my SOHO router project, I came accross a tough problem, may > be I overlook that there is a solution already? The VPN gateway > at the small office / home office (SOHO) has an IPsec tunnel > connecting it to its headquarter: > > setke

Re: VPN tunnel with DHCP ...

> > > Hi, > > > > > > about my SOHO router project, I came accross a tough problem, may > > > be I overlook that there is a solution already? The VPN gateway > > > at the small office / home office (SOHO) has an IPsec tunnel > > > connecting it to its headquarter: > > > > > > setkey -c < > > sp

Re: VPN tunnel with DHCP ...

> > Hi, > > > > about my SOHO router project, I came accross a tough problem, may > > be I overlook that there is a solution already? The VPN gateway > > at the small office / home office (SOHO) has an IPsec tunnel > > connecting it to its headquarter: > > > > setkey -c < > spdadd ${sohonet} ${

Re: VPN tunnel with DHCP ...

[Original attribution lost.] >> now, the problem is that the ${sohoip} is dynamically assigned >> with DHCP. How can the gateway at the headquarter know that >> ${sohoip} address? I don't know whether this is actually possible to do yet. But, you should be able to configure racoon to use a publ

Re: VPN tunnel with DHCP ...

> Hi, > > about my SOHO router project, I came accross a tough problem, may > be I overlook that there is a solution already? The VPN gateway > at the small office / home office (SOHO) has an IPsec tunnel > connecting it to its headquarter: > > setkey -c < spdadd ${sohonet} ${homenet} -P out ip

Re: VPN ?

http://stuff.adhesivemedia.com/freebsd has howto's for pipsecd and vtund. On Sat, 7 Apr 2001, Alessandro de Manzano wrote: > Hi! > > I've a couple of 4.2-stable machines on the Internet, both with static > public IPs, so I would try to configure a VPN between them. > > Is there a tutorial / how

Re: VPN ?

Quoth Alessandro de Manzano on Sat, Apr 07, 2001 at 05:39:08PM +0200: > Hi! > > I've a couple of 4.2-stable machines on the Internet, both with static > public IPs, so I would try to configure a VPN between them. > > Is there a tutorial / how-to / examples somewhere ? > I guess I should use the

Re: VPN ?

Hi, On Sat, Apr 07, 2001 at 05:52:45PM +0200, Alessandro de Manzano wrote: > does pipsecd use IPsec, as far as I can see here now (just found in the > ports) ? pipsecd is a userland implementation which is setup quite fast, it uses the tun device iirc. bye, alex -- alexander goller

Re: VPN ?

On Sat, Apr 07, 2001 at 05:50:02PM +0200, Alexander Goller wrote: > > Is there a tutorial / how-to / examples somewhere ? > > I guess I should use the /dev/tunX devices, but how ? > > If you're doing serious stuff you should really use the builtin IPSec > that came with the Kame stack. man ipsec

Re: VPN ?

Hi, On Sat, Apr 07, 2001 at 05:39:08PM +0200, Alessandro de Manzano wrote: > Hi! > > I've a couple of 4.2-stable machines on the Internet, both with static > public IPs, so I would try to configure a VPN between them. > > Is there a tutorial / how-to / examples somewhere ? > I guess I should us

Re: VPN question

Julian Elischer wrote: > > Motonori Shindo wrote: > > > > Mark, > > > > There are two that I know of; one is PPTP implementation and another > > is L2TP implementation. > > > > There is a ports/packages for PPTP called 'pptpclient'. You many need > > to modify pppd a little bit, depending on how

Re: VPN question

IRE Has a rather nice IPSec client for NT/2K/Win that (at least) operates rather nicely with Cisco and Altiga stuff. It's one of the most commonly used clients from an OEM point of view. I've never tested it against FreeBSD but I think it would be possible with Pre-Shared keys? (At least easy to

Re: VPN question

t; > mailto:[EMAIL PROTECTED] > > > > -Original Message- > > From: Justin T. Gibbs [mailto:[EMAIL PROTECTED]] > > Sent: Friday, February 02, 2001 11:19 AM > > To: [EMAIL PROTECTED] > > Subject: Re: VPN question > > > > >

Re: VPN question

From: Justin T. Gibbs [mailto:[EMAIL PROTECTED]] > Sent: Friday, February 02, 2001 11:19 AM > To: [EMAIL PROTECTED] > Subject: Re: VPN question > > >Justin, > . > > Hi Mark. Good to hear from you! > >I have a question about FreeBSD and I'm hopi

Re: VPN

ppX wrote: > > Hello > I have an question regarding VPN. > I have found no good documentation for the thing i want to do > We want to make direct links to 2 gateways which will be connected > Every computer that is linked need to be tunneling. > > C=Computer > GW=Gateway > > Both gateways are a