trying to set up PGPNet

From: John Hines (bigjohn_101@hotmail.com)
Date: 03/03/02

Next message: Scott M. Nolde: "Re: ipfw and DHCP"
Previous message: isabelle boinot: "GALAS, J.L. MERY et O. LE GUISQUET)."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "John Hines" <bigjohn_101@hotmail.com>
To: <freebsd-security@freebsd.org>
Date: Sat, 2 Mar 2002 20:13:39 -0500

Hello,

I'm looking for help/documentation to set up a remote vpn client (PGPNet) to connect to my internal network behind a FreeBSD fw. I've been able to set up a vpn between two FreeBSD firewalls, but I'm unable to find any docs on how to have a remote PC connect to my internal net's using PGPNet.
I assume the setup for PGPNet would be similar to setting up a vpn between two FreeBSD firewalls. This is my current network topology:

External Interface

X.X.X.X

+--> Remote PC <--> Internet <--> FreeBSD GW

| |

Cable Modem Y.Y.Y.Y 192.168.1.0/24

Win98 box Internal Nets

I'm assuming that I need to add a line to my psk.txt file with the IP Y.Y.Y.Y and a password abc123. I'm also assuming that my raccoon.conf file will not need to change. Would this be the correct way to set up my kame-bsd.sh script to run the setkey tool?

#!/bin/sh
#
# IP addresses
#
# External Interface External Interface
# 1.2.3.4 5.6.7.8
# | |
# +--> Firewall-1 <--> Internet <--> FreeBSD GW <--+
# | |
# 172.16.1.0/24 192.168.0.0/24
# FW-1 Protected Nets Internal Nets
#
setkey -FP
setkey -F
# Configure the Policy
setkey -c << END
spdadd 192.168.1.0/24 Y.Y.Y.Y/32 any -P out ipsec
esp/tunnel/X.X.X.X-Y.Y.Y.Y/require;
spdadd Y.Y.Y.Y 192.168.1.0/24 any -P in ipsec
esp/tunnel/Y.Y.Y.Y-X.X.X.X;

Also would this be the correct way add the gif funnel?
ifconfig gif0 create

gifconfig gif0 inet X.X.X.X Y.Y.Y.Y

ifconfig gif0 inet 192.168.1.1 Y.Y.Y.Y 255.255.255.0

Is there anything I missed?

Thanks in advance,

John Hines

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Next message: Scott M. Nolde: "Re: ipfw and DHCP"
Previous message: isabelle boinot: "GALAS, J.L. MERY et O. LE GUISQUET)."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Problem with Racoon/IPSec/Setkey - Routing to/from multiple networks
... here using setkey and racoon. ... Setkey adds all of the below lines fine, ... spdadd $$any -P out ipsec ...
(freebsd-net)
Re: vpn1/fw1 NG to ipsec/racoon troubles, help please ...
... As soon as I changed the setkey parameters to a non tunnel device ... spdadd 10.22.200.0/24 10.21.0.0/16 any -P out ipsec ... phase 1 I agg: ...
(FreeBSD-Security)
Re: Cant set up an IPsec tunnel.
... setkey -FP ... spdadd 0.0.0.0/0 192.168.0.0/24 any -P out ipsec ... i'm wondering what if any troubles because of that RedHat gate with the ...
(FreeBSD-Security)