Re: question on tunnels (VPN)

From: Julian Elischer (julian_at_elischer.org)
Date: 09/22/04

    Date: Wed, 22 Sep 2004 14:26:46 -0700
    To: miha@ghuug.org
    
    

    Mikhail P. wrote:

    >Dear users,
    >
    >I have been experimenting with simple gif tunnels (no IPSec) in a local network
    >(192.168.0.0/24). I have used the following scenario between two hosts (both
    >running FreeBSD-5.2.1):
    >
    >HOST_A [192.168.0.1]:
    >ifconfig gif0 create
    >ifconfig gif0 tunnel 192.168.0.1 192.168.0.2
    >ifconfig gif0 10.0.0.1 10.0.0.2 netmask 255.255.255.255
    >
    >and on -
    >
    >HOST_B [192.168.0.2]:
    >ifconfig gif0 create
    >ifconfig gif0 tunnel 192.168.0.2 192.168.0.1
    >ifconfig gif0 10.0.0.2 10.0.0.1 netmask 255.255.255.255
    >
    >The above works well for me, and I can send traffic on 10.0.0.1 and 10.0.0.2.
    >
    >The next thing I wanted to implement is to create a similar tunnel from our
    >local router (which is FreeBSD too) to a remote server; however, there is a small
    >problem which stops me - the router has no public IP, and it sees the internet
    >through a DSL router, so basically that router is NAT'ed behind the DSL router.
    >As far as I understand, it appears that I won't be able to create such a
    >simple tunnel, unless my router gets a public IP address.
    >
    >What I tried next was MPD pptp link (which is known to work behind NAT, unlike
    >above example), but something (ISP? DSL router?) cuts GRE packets on their
    >way, so MPD can't establish LCP connection with remote host.
    >
    >I'm now at a loss as to what to try next - could someone please advise what
    >other techniques will work in my scenario (where I want to connect a machine
    >which is behind NAT and no GRE packets will go through)?
    >

    I use MPD using the "UDP" transport.

    In other words, packets get sent as UDP packets.

    I then set up IPSEC to encrypt the UDP packets.

    When I had a NAT in the way I did further encapsulate the GRE packets in
    UDP again :-)

    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
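
Added example (not part of the original message and not MPD code): a small Python model of why wrapping the tunnel in UDP gets it past a port-translating NAT that does not forward bare GRE. The `PortNat` class, the addresses outside 192.168.0.0/24 and port 3000 are constructed for illustration, and the NAT is assumed to translate only traffic that carries port numbers.

```python
import socket
import struct

GRE, UDP = 47, 17  # IP protocol numbers

def ipv4(proto, src, dst, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0 for brevity) + payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src),
                       socket.inet_aton(dst)) + payload

def udp(sport, dport, payload):
    """UDP header (checksum 0 = not computed, legal for IPv4) + payload."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

class PortNat:
    """Constructed model of a port-translating NAT with no GRE helper.
    Assumption: only UDP is modelled; real devices also translate TCP/ICMP."""
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.table = {}          # (inside ip, inside port) -> public port

    def outbound(self, pkt):
        proto, src, dst = pkt[9], pkt[12:16], pkt[16:20]
        if proto != UDP:
            return None          # GRE has no port to key a mapping on: dropped
        sport, dport = struct.unpack("!HH", pkt[20:24])
        key = (socket.inet_ntoa(src), sport)
        port = self.table.setdefault(key, 40000 + len(self.table))
        return ipv4(UDP, self.public_ip, socket.inet_ntoa(dst),
                    udp(port, dport, pkt[28:]))

def decapsulate(pkt):
    """Far end: strip the IPv4 and UDP headers to recover the carried bytes."""
    return pkt[28:]

def demo():
    gre = struct.pack("!HH", 0, 0x0800) + b"inner packet"  # constructed GRE frame
    nat = PortNat("203.0.113.10")
    bare = nat.outbound(ipv4(GRE, "192.168.0.1", "198.51.100.5", gre))
    wrapped = nat.outbound(ipv4(UDP, "192.168.0.1", "198.51.100.5",
                                udp(3000, 3000, gre)))
    return gre, bare, wrapped

if __name__ == "__main__":
    gre, bare, wrapped = demo()
    print(bare is None, decapsulate(wrapped) == gre)  # True True
```

The UDP wrapper only solves traversal; the carried bytes are still cleartext, which is why the reply adds IPsec on top.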

