Louis A. Mamakos wrote:
>>
>>Could someone tell me if there is a way to build a VPN(like) tunnel from
>>a FreeBSD machine acting as a VPN gateway to another machine acting as
>>another VPN gateway using normal IP packets that have only their data
>>payload encrypted. Of course there would have to be a way to setup the
>>tunnel and still retain the network addressing of each side of the VPN
>
>
> Look at vtun in /usr/ports/net/vtun to see if this can address your
> problem. I use it over a (cable modem) network that seems to
> filter IPSEC traffic.
Too bad you can't use IPsec, this seems like the perfect scenario for it. I've also used vtun in such a scenario, and can second that it'll work UNLESS you need your tunnel to go through a NAT box - vtun uses the client's IP address during its authentication handshake (which is dumb, since stronger shared secrets need be in place anyway.)

Archie's daemonnews article has an example of how to do UDP tunneling with netgraph, which nets about a 2x performance improvement over vtun (without encryption, haven't figured out how to tie in ng_mppc).

Lars
--
Lars Eggert <[EMAIL PROTECTED]>
USC Information Sciences Institute
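An added illustration of the NAT caveat in the message above, not part of the original post and not vtun's actual protocol: a simplified challenge-response model in which the response either is or is not bound to the client's IP address. The function names, the secret and the addresses are constructed for this example.

```python
import hashlib
import hmac
import os

SECRET = b"constructed-shared-secret"  # constructed sample value, not a real key


def client_response(challenge: bytes, secret: bytes, own_ip: str = "") -> bytes:
    """Client side: MAC over the challenge, optionally mixing in the
    address the client believes it has (its local interface address)."""
    return hmac.new(secret, challenge + own_ip.encode(), hashlib.sha256).digest()


def server_verify(challenge: bytes, response: bytes, secret: bytes,
                  peer_ip: str = "") -> bool:
    """Server side: recompute the MAC. peer_ip is the source address the
    server observes on the connection, which a NAT box may have rewritten."""
    expected = hmac.new(secret, challenge + peer_ip.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def handshake(client_ip: str, observed_ip: str, bind_to_ip: bool,
              client_secret: bytes = SECRET) -> bool:
    """Run one handshake. client_ip is what the client sees locally,
    observed_ip is what the server sees after any address translation."""
    challenge = os.urandom(16)  # fresh per attempt, so old responses cannot be replayed
    response = client_response(challenge, client_secret,
                               client_ip if bind_to_ip else "")
    return server_verify(challenge, response, SECRET,
                         observed_ip if bind_to_ip else "")


if __name__ == "__main__":
    inside, outside = "192.168.1.10", "203.0.113.7"  # constructed addresses
    print("IP-bound, no NAT:      ", handshake(inside, inside, True))
    print("IP-bound, behind NAT:  ", handshake(inside, outside, True))
    print("secret-only, behind NAT:", handshake(inside, outside, False))
    print("secret-only, wrong key: ", handshake(inside, outside, False, b"wrong"))
```

In this model the IP-bound variant rejects a legitimate client behind NAT, while the secret-only variant still rejects a client that does not hold the key, so dropping the address from the handshake loses nothing the shared secret was not already providing.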
