Re: question on tunnels (VPN)

From: Edwin Groothuis (edwin_at_mavetju.org)
Date: 09/23/04

    Date: Thu, 23 Sep 2004 09:18:30 +1000
    To: "Mikhail P." <miha@ghuug.org>
    
    

    On Wed, Sep 22, 2004 at 04:17:59PM +0000, Mikhail P. wrote:
    > HOST_A [192.168.0.1]:
    > ifconfig gif0 create
    > ifconfig gif0 tunnel 192.168.0.1 192.168.0.2
    > ifconfig gif0 10.0.0.1 10.0.0.2 netmask 255.255.255.255
    >
    > and on -
    >
    > HOST_B [192.168.0.2]:
    > ifconfig gif0 create
    > ifconfig gif0 tunnel 192.168.0.2 192.168.0.1
    > ifconfig gif0 10.0.0.2 10.0.0.1 netmask 255.255.255.255
    >
    > The above works well for me, and I can send traffic on 10.0.0.1 and 10.0.0.2.
    >
    > The next thing I wanted to implement is to create a similar tunnel from our
    > local router (which is FreeBSD too) to a remote server; however, there is a small
    > problem which stops me - the router has no public IP, and it sees the internet
    > through a DSL router, so basically that router is NAT'ed behind the DSL router.
    > As far as I understand, it appears that I won't be able to create such a
    > simple tunnel unless my router gets a public IP address.

    I have the same situation here and the solution was to let the ADSL
    router forward all unknown traffic to my router. How to do that is
    router specific, but it can be done.

    Then, with the tunnels:

    central# ifconfig gif1 inet
    gif1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
            tunnel inet 218.185.88.66 --> 203.111.122.8
            inet 10.10.12.1 --> 10.10.12.2 netmask 0xffffffff

    remote# ifconfig gif1 inet
    gif1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
            tunnel inet 192.168.1.1 --> 218.185.88.66
            inet 10.10.12.2 --> 10.10.12.1 netmask 0xffffff00

    203.111.122.8 is my ADSL router's address.
    192.168.1.1 is my computer's RFC1918 address.

    Two static routes, one on each machine, and it works.

    Edwin

    -- 
    Edwin Groothuis      |            Personal website: http://www.mavetju.org
    edwin@mavetju.org    |          Weblog: http://weblog.barnet.com.au/edwin/
    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
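
The addressing in the reply above can be checked mechanically. The following is an added example, not part of the original message: it parses the two `ifconfig gif1 inet` outputs quoted there and reports where the outer addresses differ because of NAT and where the inner settings disagree. The function names and the `nat_public` parameter are hypothetical.

```python
import ipaddress
import re

# `ifconfig gif1 inet` output from both hosts, as quoted in the message above.
CENTRAL = """gif1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
        tunnel inet 218.185.88.66 --> 203.111.122.8
        inet 10.10.12.1 --> 10.10.12.2 netmask 0xffffffff
"""
REMOTE = """gif1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
        tunnel inet 192.168.1.1 --> 218.185.88.66
        inet 10.10.12.2 --> 10.10.12.1 netmask 0xffffff00
"""

def parse_gif(text):
    """Pull outer (tunnel) and inner (point-to-point) addresses from ifconfig output."""
    outer = re.search(r"^[ \t]*tunnel inet (\S+) --> (\S+)", text, re.M)
    inner = re.search(r"^[ \t]*inet (\S+) --> (\S+) netmask (0x[0-9a-f]{8})", text, re.M)
    if not outer or not inner:
        raise ValueError("no configured gif tunnel in this output")
    ip = ipaddress.ip_address
    return {"outer_src": ip(outer[1]), "outer_dst": ip(outer[2]),
            "inner_src": ip(inner[1]), "inner_dst": ip(inner[2]),
            "netmask": int(inner[3], 16)}

def check_pair(central, remote, nat_public=None):
    """Compare two gif endpoints; nat_public is the NAT device's external
    address (hypothetical parameter) when the remote end sits behind NAT."""
    findings = []
    if (central["inner_src"], central["inner_dst"]) != (remote["inner_dst"], remote["inner_src"]):
        findings.append("inner addresses do not mirror each other")
    if remote["outer_dst"] != central["outer_src"]:
        findings.append("remote tunnel destination is not central's tunnel source")
    if central["outer_dst"] != remote["outer_src"]:
        # Behind NAT the remote sources from a private address while the
        # central end must target the NAT device's public address instead.
        if remote["outer_src"].is_private and central["outer_dst"] == nat_public:
            findings.append(f"NAT in path: {remote['outer_src']} is seen as {nat_public}")
        else:
            findings.append("central tunnel destination matches neither remote nor NAT address")
    if central["netmask"] != remote["netmask"]:
        findings.append(f"inner netmasks differ: {central['netmask']:#010x} vs {remote['netmask']:#010x}")
    return findings

if __name__ == "__main__":
    nat = ipaddress.ip_address("203.111.122.8")  # ADSL router address per the message
    for finding in check_pair(parse_gif(CENTRAL), parse_gif(REMOTE), nat):
        print(finding)
```

The check covers addressing only; gif(4) encapsulates packets without encrypting or authenticating them, so the tunnel itself provides no confidentiality.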
    
