question on tunnels (VPN)
Julian Elischer
julian at elischer.org
Wed Sep 22 14:26:47 PDT 2004
Mikhail P. wrote:
>Dear users,
>
>I have been experimenting with simple gif tunnels (no IPSec) in a local network
>(192.168.0.0/24). I have used the following scenario between two hosts (both
>running FreeBSD-5.2.1):
>
>HOST_A [192.168.0.1]:
>ifconfig gif0 create
>ifconfig gif0 tunnel 192.168.0.1 192.168.0.2
>ifconfig gif0 10.0.0.1 10.0.0.2 netmask 255.255.255.255
>
>and on -
>
>HOST_B [192.168.0.2]:
>ifconfig gif0 create
>ifconfig gif0 tunnel 192.168.0.2 192.168.0.1
>ifconfig gif0 10.0.0.2 10.0.0.1 netmask 255.255.255.255
>
>The above works well for me, and I can send traffic on 10.0.0.1 and 10.0.0.2.
>
>The next thing I wanted to implement is to create a similar tunnel from our
>local router (which is FreeBSD too) to a remote server, however there is a small
>problem which stops me - the router has no public IP, and it sees the internet
>through a DSL router, so basically that router is NAT'ed behind the DSL router.
>As far as I understand, it appears that I won't be able to create such a
>simple tunnel, unless my router gets a public IP address.
>
>What I tried next was MPD pptp link (which is known to work behind NAT, unlike
>above example), but something (ISP? DSL router?) cuts GRE packets on their
>way, so MPD can't establish LCP connection with remote host.
>
>I'm now at a loss as to what to try next - could someone please advise what
>other techniques will work in my scenario (where I want to connect a machine
>which is behind NAT and no GRE packets will go through)?
>
I use MPD using the "UDP" transport.
In other words, packets get sent as UDP packets.
I then set up IPSEC to encrypt the UDP packets.
When I had a NAT in the way I did further encapsulate the GRE packets in
UDP again :-)
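
An added example, not part of the original post and not MPD's own code: it builds the outer packets for the three encapsulations discussed in this thread (gif IPv4-in-IPv4, GRE, and UDP) and shows which of them carries a source port that a port-translating NAT can rewrite and track. The NAT model (ports only, no GRE/PPTP helper), UDP port 3000 and the inner payload are assumptions; the addresses are the ones from the question.

```python
import socket
import struct

IPPROTO_TCP, IPPROTO_UDP = 6, 17
IPPROTO_IPIP, IPPROTO_GRE = 4, 47   # 4 = IPv4-in-IPv4 (gif), 47 = GRE (PPTP data)

def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Wrap payload in a 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def udp(sport: int, dport: int, payload: bytes) -> bytes:
    """UDP header; checksum 0 means 'not computed', which IPv4 permits."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def napt_flow_key(packet: bytes):
    """Key a port-only NAT (assumed model) can rewrite and track, else None."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    if proto not in (IPPROTO_TCP, IPPROTO_UDP):
        return None                      # no port field to translate
    (sport,) = struct.unpack("!H", packet[ihl:ihl + 2])
    return proto, socket.inet_ntoa(packet[12:16]), sport

def decapsulate_udp(packet: bytes) -> bytes:
    """Strip the outer IPv4 and UDP headers, returning the tunnelled packet."""
    ihl = (packet[0] & 0x0F) * 4
    return packet[ihl + 8:]

# Constructed sample: inner packet between the tunnel addresses from the post.
INNER = ipv4("10.0.0.1", "10.0.0.2", 1, b"constructed-payload")
GIF_PKT = ipv4("192.168.0.1", "192.168.0.2", IPPROTO_IPIP, INNER)
GRE_PKT = ipv4("192.168.0.1", "192.168.0.2", IPPROTO_GRE, b"\x00\x00\x08\x00" + INNER)
UDP_PKT = ipv4("192.168.0.1", "192.168.0.2", IPPROTO_UDP,
               udp(3000, 3000, INNER))   # port 3000 is a made-up value

if __name__ == "__main__":
    for name, pkt in (("gif", GIF_PKT), ("gre", GRE_PKT), ("udp", UDP_PKT)):
        print(name, "proto", pkt[9], "NAT flow key:", napt_flow_key(pkt))
```

The UDP wrapper only makes the tunnel traversable; the inner packet is still carried in the clear unless something like the IPsec layer mentioned in the reply encrypts it.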