On Thu, Oct 31, 2002 at 03:37:52PM +0000, Wayne Pascoe wrote:
> Hi all,
>
> I'm struggling to set up a VPN. I'm now reading through
> http://www.daemonnews.org/200101/ipsec-howto.html
> and this is confusing me even more :(
>
> Reading this, I see:
>
>     However, if your goal is to set up a VPN, that is, link 2
>     widely-separated networks together over the Internet, then you'll
>     probably want to use ESP/tunnel mode.
>
> The example then goes on to show
>
>     spdadd 10.10.10.0/24 10.20.20.0/24 any -P out ipsec
>         esp/transport/1.2.3.4-5.6.7.8/require;
>
> which is transport mode, no ?

Yes, this is transport mode. AFAIK the article describes a situation where
you encapsulate the packets using IPIP (gif tunnel), which is then
encapsulated using ESP (transport mode). Not sure this is a correct
impression and, if yes, why.

> Can anyone point me at a decent howto to link 2 networks together? I'm
> trying to set up 2 VPN gateways so that everything behind each of those
> talks to everything behind the other one via a VPN.
>
> I'm also confused about the ifconfig instructions for the gif0
> device. I've got 2 network cards going with one being the external
> device (172.16.0.1 and 172.16.0.2 respectively)
> and the other for the internal network
> (10.0.1.1 and 10.0.2.1 respectively)
> What should my gifconfig and ifconfig lines be ?
Last time I tried I just used

    spdadd 10.10.10.0/24 10.20.20.0/24 any -P out ipsec
        esp/tunnel/1.2.3.4-5.6.7.8/require;

and an analogous line for the other direction. And, surprise, it worked.
I think.

m&f
-- 
What do you care what other people think?
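Added example, not code from either message above or from the Daemon News howto: a small sh script that writes the setkey(8) configuration for each of the two gateways in the question, using ESP in tunnel mode so that no gif(4) interface is needed. The external and internal addresses are the ones from the question (172.16.0.1 / 172.16.0.2 and 10.0.1.0/24 / 10.0.2.0/24); the SPIs and keys are constructed placeholders, the function names (gen_conf, conf_a, conf_b, sa_lines_match) are my own, and the algorithm names (rijndael-cbc, hmac-sha1) are the ones setkey accepts on KAME-derived stacks.

```shell
#!/bin/sh
# Added example: generate setkey(8) configs for a two-gateway ESP/tunnel-mode
# VPN. Not from the thread or the howto. Addresses come from the question;
# SPIs and keys below are constructed placeholders. On a real link generate
# keys with e.g. "openssl rand -hex 16" / "openssl rand -hex 20", or drop
# the "add" lines entirely and let racoon (IKE) negotiate and rekey the SAs.

# SA parameters shared by both gateways. A->B and B->A are separate SAs,
# each with its own SPI and keys. rijndael-cbc takes a 128/192/256-bit key,
# hmac-sha1 a 160-bit key, given in 0x-prefixed hex as setkey expects.
SPI_AB=0x1001
SPI_BA=0x1002
ENC_AB=0x00112233445566778899aabbccddeeff                # placeholder, 128 bit
AUTH_AB=0x000102030405060708090a0b0c0d0e0f10111213       # placeholder, 160 bit
ENC_BA=0xffeeddccbbaa99887766554433221100                # placeholder, 128 bit
AUTH_BA=0x131211100f0e0d0c0b0a09080706050403020100       # placeholder, 160 bit

# gen_conf MY_EXT PEER_EXT MY_NET PEER_NET SPI_OUT SPI_IN ENC_OUT AUTH_OUT ENC_IN AUTH_IN
# Prints the configuration for the gateway whose addresses are given first.
gen_conf() {
    my_ext=$1 peer_ext=$2 my_net=$3 peer_net=$4
    spi_out=$5 spi_in=$6 enc_out=$7 auth_out=$8 enc_in=$9 auth_in=${10}
    cat <<EOF
flush;
spdflush;

# Policy: anything between the two internal networks must travel inside
# ESP tunnel mode between the two external addresses. "require" on the
# inbound policy makes the kernel drop cleartext packets that claim to
# come from the peer's internal network.
spdadd $my_net $peer_net any -P out ipsec esp/tunnel/$my_ext-$peer_ext/require;
spdadd $peer_net $my_net any -P in ipsec esp/tunnel/$peer_ext-$my_ext/require;

# Security associations, one per direction. These lines are identical on
# both gateways; only the spdadd lines above are mirrored.
add $my_ext $peer_ext esp $spi_out -m tunnel -E rijndael-cbc $enc_out -A hmac-sha1 $auth_out;
add $peer_ext $my_ext esp $spi_in -m tunnel -E rijndael-cbc $enc_in -A hmac-sha1 $auth_in;
EOF
}

# Gateway A: external 172.16.0.1, internal 10.0.1.0/24
conf_a() {
    gen_conf 172.16.0.1 172.16.0.2 10.0.1.0/24 10.0.2.0/24 \
        $SPI_AB $SPI_BA $ENC_AB $AUTH_AB $ENC_BA $AUTH_BA
}

# Gateway B: external 172.16.0.2, internal 10.0.2.0/24
conf_b() {
    gen_conf 172.16.0.2 172.16.0.1 10.0.2.0/24 10.0.1.0/24 \
        $SPI_BA $SPI_AB $ENC_BA $AUTH_BA $ENC_AB $AUTH_AB
}

# Sanity check before loading: the SA ("add") lines must be the same on
# both sides, otherwise one direction will not decrypt.
sa_lines_match() {
    [ "$(conf_a | grep '^add ' | sort)" = "$(conf_b | grep '^add ' | sort)" ]
}

# On gateway A:  conf_a > /etc/ipsec.conf && setkey -f /etc/ipsec.conf
# On gateway B:  conf_b > /etc/ipsec.conf && setkey -f /etc/ipsec.conf
# Both gateways also need net.inet.ip.forwarding=1 and a route (the default
# route is enough) that sends the peer's internal network out through the
# external interface; the policy then does the ESP encapsulation.
sa_lines_match && conf_a
```

The point the script makes explicit is which parts differ between the two boxes: the spdadd lines are mirror images (what is "out" on A is "in" on B, with the tunnel endpoints swapped), while the add lines describing the SAs are byte-for-byte the same on both. Manually keyed SAs like these never rekey, so for anything beyond a test setup keep only the spdadd lines and run racoon to negotiate the SAs.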