VPN Tunnel

Fabian Keil freebsd-listen at fabiankeil.de
Mon Jul 4 12:16:12 GMT 2005 

tradigan at newrevolutions.net wrote:

> I'm having some problems getting a VPN tunnel working between two sites.  
> Currently I am just trying to establish a tunnel and worry about the 
> encryption after the tunnel is up and functional, however I cannot even get 
> the tunnel established.  I have followed the directions from the FreeBSD 
> handbook but had no luck.  Here is my scenario:
> 
> Network 1:
> 
> FreeBSD Internal IP: 192.168.20.13
> FreeBSD External IP: 12.34.56.78
> 
> Network 2:
> 
> FreeBSD Internal IP: 192.168.15.2
> FreeBSD External IP: 87.65.43.21
> 
> On the Network 1 Box, I configured the gif0 interface as follows:
> 
> root at freebsd# ifconfig gif0 create
> root at freebsd# ifconfig gif0 tunnel 12.34.56.78 87.65.43.21
> root at freebsd# ifconfig gif0 inet 192.168.20.13 192.168.15.2 netmask 
> 255.255.255.255
> 
> For IPFilter, I have the following rules at the TOP of the script:
> pass in quick from 87.65.43.21 to any on xl0
> pass in quick on gif0 all
> pass out quick on gif0 all
> 
> On the Network 2 Box, I configured the gif0 interface as follows:
> 
> root at host# ifconfig gif0 create
> root at host# ifconfig gif0 tunnel 87.65.43.21 12.34.56.78
> root at host# ifconfig gif0 inet 192.168.15.2 192.168.20.13 netmask 
> 255.255.255.255
> 
> For IPFilter, I have the following rules at the TOP of the script:
> pass in quick from 12.34.56.78 to any on xl0
> pass in quick on gif0 all
> pass out quick on gif0 all
> 
> After I have created both gif0 interfaces on each of the boxes, the FreeBSD 
> handbook says I should be able to ping the private IP of the other BSD 
> machine.  When I ping from Network 1, I don't get any type of response and 
> just 100% failed sent packets.  When I ping from Network 2, I get a 'No route 
> to host' message as well as 100% failed sent packets.
> 
> I have been at this for 2 days now and I'm really starting to get frustrated.  
> Am I missing something here?  Any help would be appreciated.

Looks like the routing table in network 2 doesn't work.
netstat -rn should give you a clue what's wrong.

Fabian
-- 
http://www.fabiankeil.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20050704/3e21d66f/attachment.bin

More information about the freebsd-questions mailing list