IPSEC documentation
Tiago Cruz
tiagocruz at b4br.net
Wed Feb 1 04:34:31 PST 2006
Hello to all, good morning.
I wrote a little article speaking about VPN in FreeBSD, called "VPN
Solutions integrating Linux, FreeBSD and Windows":
http://www.linuxrapido.org/modules.php?name=Sections&op=viewarticle&artid=95
Well, I couldn't see the start of this thread, but I have some things to
add to this handbook documentation:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html
First of all, many thanks for this documentation, because it is very good.
1-) "Note: In FreeBSD 5.X, the functionality provided by the
gifconfig(8) utility has been merged into ifconfig(8)."
But we don't have any example of how to do this. A little example will
help many people, like this:
FreeBSD 4.x:
gifconfig gif0 A.B.C.D W.X.Y.Z
ifconfig gif0 inet 192.168.1.1 192.168.2.1 netmask 0xffffffff
FreeBSD 5.x and above:
ifconfig gif0 create
ifconfig gif0 tunnel A.B.C.D W.X.Y.Z
ifconfig gif0 inet 192.168.1.1 192.168.2.1 netmask 255.255.252.0
2-) How can I know that racoon is working?
Please, could you talk about the "setkey -a -D" command, before and after a ping between hosts?
3-) A little script to help us:
We wrote a small stupid-simple script to put in /usr/local/etc/rc.d:
============================================
#!/bin/sh
# Script to start the VPN Oct/2005
# Irado furious with all (irado at globecom.net)
# Tiago Cruz (tiagocruz at linuxrapido.org)

# Public tunnel endpoints
ip_OF_THERE="200.000.000.001"
ip_HERE="200.000.000.002"
# Inner addresses of the gif tunnel
gateway_OF_THERE="192.168.0.1"
gateway_HERE="192.168.2.1"
# Private networks on each side
net_OF_THERE="192.168.0.0"
net_HERE="192.168.2.0"
mask="255.255.255.0"

case ${1} in
start)
    echo "Inicializando VPN..."
    /sbin/ifconfig gif0 create
    /sbin/ifconfig gif0 tunnel ${ip_HERE} ${ip_OF_THERE}
    /sbin/ifconfig gif0 inet ${gateway_HERE} ${gateway_OF_THERE} netmask ${mask}
    /sbin/route add -net ${net_OF_THERE} -netmask ${mask} ${gateway_OF_THERE}
    # Load the IPsec policies, then start the IKE daemon and reload pf rules
    /usr/sbin/setkey -f /etc/ipsec.conf
    /usr/local/sbin/racoon
    pfctl -f /etc/pf.conf
    ;;
stop)
    echo "Finishing VPN..."
    # Delete the route before destroying the interface it points through
    /sbin/route delete -net ${net_OF_THERE} -netmask ${mask} ${gateway_OF_THERE}
    /sbin/ifconfig gif0 destroy
    killall racoon
    ;;
*)
    echo "Use 'vpn start' ou 'vpn stop'!"
    ;;
esac
exit 0
============================================
Hope this helps.
--
Tiago Cruz
http://linuxrapido.org
Linux User #282636
"The box said: Requires MS Windows or better, so I installed Linux"
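
One way to do the check from item 2 of the message above, as an added example that is not part of the original post: it reads "setkey -a -D" output and reports whether a mature ESP SA exists in each direction between the tunnel endpoints. The function names are hypothetical, and the addresses, SPIs and abbreviated dump text are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Addresses and SPIs are constructed.

# count_sas SRC DST: read `setkey -a -D` text on stdin and print how many
# mature ESP SAs have the header line "SRC DST".
count_sas() {
    awk -v src="$1" -v dst="$2" '
        /^[^ \t]/ { hit = ($1 == src && $2 == dst); esp = 0; next }  # "src dst" header
        hit && $1 == "esp" { esp = 1 }                 # protocol line of this SA
        hit && esp && /state=mature/ { n++; esp = 0 }  # skip larval, dying, dead
        END { print n + 0 }
    '
}

# tunnel_up HERE THERE: succeed only if a mature SA exists in each direction.
tunnel_up() {
    dump=$(cat)
    sa_out=$(printf '%s\n' "$dump" | count_sas "$1" "$2")
    sa_in=$(printf '%s\n' "$dump" | count_sas "$2" "$1")
    [ "$sa_out" -ge 1 ] && [ "$sa_in" -ge 1 ]
}

# Constructed, abbreviated dumps: before the ping, and after racoon negotiated.
BEFORE='No SAD entries.'
AFTER='192.0.2.2 192.0.2.1
	esp mode=tunnel spi=1001(0x000003e9) reqid=0(0x00000000)
	seq=0x00000004 replay=4 flags=0x00000000 state=mature
192.0.2.1 192.0.2.2
	esp mode=tunnel spi=1002(0x000003ea) reqid=0(0x00000000)
	seq=0x00000004 replay=4 flags=0x00000000 state=mature
192.0.2.1 192.0.2.2
	esp mode=tunnel spi=1000(0x000003e8) reqid=0(0x00000000)
	seq=0x00000000 replay=4 flags=0x00000000 state=dead'

# report LABEL: print the verdict for the dump arriving on stdin.
report() {
    if tunnel_up 192.0.2.2 192.0.2.1; then
        echo "$1: mature SAs in both directions"
    else
        echo "$1: no mature SA pair, racoon has not negotiated"
    fi
}

# On a live host: setkey -a -D | tunnel_up "$ip_HERE" "$ip_OF_THERE"
printf '%s\n' "$BEFORE" | report "before ping"
printf '%s\n' "$AFTER" | report "after ping"
```

With -a the dump also lists dead entries, which is why the count filters on state=mature instead of counting every header line.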