VPN Tunnel

tradigan_at_newrevolutions.net
Date: 06/30/05

    To: freebsd-questions@freebsd.org
    Date: Thu, 30 Jun 2005 11:00:28 -0400
    
    

    Hey everyone..

    I'm having some problems getting a VPN tunnel working between two sites.
    Currently I am just trying to establish a tunnel and worry about the
    encryption after the tunnel is up and functional, however I cannot even get
    the tunnel established. I have followed the directions from the FreeBSD
    handbook but had no luck. Here is my scenario:

    Network 1:

    FreeBSD Internal IP: 192.168.20.13
    FreeBSD External IP: 12.34.56.78

    Network 2:

    FreeBSD Internal IP: 192.168.15.2
    FreeBSD External IP: 87.65.43.21

    On the Network 1 Box, I configured the gif0 interface as follows:

    root@freebsd# ifconfig gif0 create
    root@freebsd# ifconfig gif0 tunnel 12.34.56.78 87.65.43.21
    root@freebsd# ifconfig gif0 inet 192.168.20.13 192.168.15.2 netmask 255.255.255.255

    For IPFilter, I have the following rules at the TOP of the script:
    pass in quick from 87.65.43.21 to any on xl0
    pass in quick on gif0 all
    pass out quick on gif0 all

    On the Network 2 Box, I configured the gif0 interface as follows:

    root@host# ifconfig gif0 create
    root@host# ifconfig gif0 tunnel 87.65.43.21 12.34.56.78
    root@host# ifconfig gif0 inet 192.168.15.2 192.168.20.13 netmask 255.255.255.255

    For IPFilter, I have the following rules at the TOP of the script:
    pass in quick from 12.34.56.78 to any on xl0
    pass in quick on gif0 all
    pass out quick on gif0 all

    After I have created both gif0 interfaces on each of the boxes, the FreeBSD
    handbook says I should be able to ping the private IP of the other BSD
    machine. When I ping from Network 1, I don't get any type of response and
    just 100% failed sent packets. When I ping from Network 2, I get a 'No route
    to host' message as well as 100% failed sent packets.

    I have been at this for 2 days now and I'm really starting to get frustrated.
    Am I missing something here? Any help would be appreciated.

    --Tim