Re: question on tunnels (VPN)

From: Paul Schenkeveld (fb-net_at_psconsult.nl)
Date: 09/23/04

    Date: Thu, 23 Sep 2004 14:45:14 +0200
    To: net@freebsd.org
    
    

    On Wed, Sep 22, 2004 at 04:17:59PM +0000, Mikhail P. wrote:
    > Dear users,
    >
    > I have been experimenting with simple gif tunnels (no IPSec) in local network
    > (192.168.0.0/24). I have used the following scenario between two hosts (both
    > running FreeBSD-5.2.1):
    >
    > HOST_A [192.168.0.1]:
    > ifconfig gif0 create
    > ifconfig gif0 tunnel 192.168.0.1 192.168.0.2
    > ifconfig gif0 10.0.0.1 10.0.0.2 netmask 255.255.255.255
    >
    > and on -
    >
    > HOST_B [192.168.0.2]:
    > ifconfig gif0 create
    > ifconfig gif0 tunnel 192.168.0.2 192.168.0.1
    > ifconfig gif0 10.0.0.2 10.0.0.1 netmask 255.255.255.255
    >
    > The above works well for me, and I can send traffic on 10.0.0.1 and 10.0.0.2.
    >
    > The next thing I wanted to implement is to create a similar tunnel from our
    > local router (which is FreeBSD too) to a remote server, however there is a small
    > problem which stops me - the router has no public IP, and it sees the internet
    > through a DSL router, so basically that router is NAT'ed behind the DSL router.
    > As far as I understand, it appears that I won't be able to create such a
    > simple tunnel, unless my router gets a public IP address.
    >
    > What I tried next was MPD pptp link (which is known to work behind NAT, unlike
    > above example), but something (ISP? DSL router?) cuts GRE packets on their
    > way, so MPD can't establish LCP connection with remote host.
    >
    > I'm now at a loss as to what to try next - could someone please advise what
    > other techniques will work in my scenario (where I want to connect a machine
    > which is behind NAT and no GRE packets will go through)?

    Have a look at /usr/ports/net/vtun. It allows you to create tunnels
    over virtually any transport you can find including TCP and UDP (but
    also raw IP, serial lines, ssh tunnels ...). Tunnel endpoints are
    tunN devices. It has built-in encryption (openssl) and compression (lzo,
    zlib) and even a traffic shaper.

    > regards,
    > M.

    HTH

    Paul Schenkeveld, Consultant
    PSconsult ICT Services BV
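
A sketch of the vtun setup suggested above, added as an example and not part of the original message: the NAT'ed router dials out over TCP, so neither GRE nor a public address on the router is needed. The session name `natrouter`, the password placeholder and the reuse of the 10.0.0.1/10.0.0.2 tunnel addresses from the question are assumptions.

```conf
# ---- vtund.conf on the remote server (has the public IP) ----
# Start in server mode with: vtund -s
options {
  port 5000;                  # TCP port the server listens on
  ifconfig /sbin/ifconfig;    # program used by "ifconfig" in up/down blocks
}

natrouter {                   # hypothetical session name
  passwd CHANGE_ME;           # placeholder shared secret, replace it
  type tun;                   # IP tunnel; endpoint is a tunN device
  proto tcp;                  # one outbound TCP connection from the client;
                              # udp is the other transport named in the reply
  encrypt yes;                # built-in encryption
  compress lzo:9;             # built-in compression (zlib is the alternative)
  keepalive yes;              # periodic keepalives on an idle session
  up {
    # %% expands to the tun device allocated for this session
    ifconfig "%% 10.0.0.2 10.0.0.1 netmask 255.255.255.255";
  };
}

# ---- vtund.conf on the FreeBSD router behind the DSL/NAT box ----
# Start in client mode with: vtund natrouter <server-address>
# type, proto, encrypt and compress are dictated by the server side.
options {
  port 5000;
  ifconfig /sbin/ifconfig;
}

natrouter {
  passwd CHANGE_ME;           # must match the server's entry
  up {
    ifconfig "%% 10.0.0.1 10.0.0.2 netmask 255.255.255.255";
  };
}
```

Only the server's listening port has to be reachable from the Internet, and both files contain the shared secret, so they should be readable by root only.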

