 
From: John Hines (bigjohn_101hotmail.com)
Date: Sat Mar 02 2002 - 19:13:39 CST


    Hello,

    I'm looking for help/documentation to set up a remote VPN client (PGPNet) to connect to my internal network behind a FreeBSD fw. I've been able to set up a VPN between two FreeBSD firewalls, but I'm unable to find any docs on how to have a remote PC connect to my internal nets using PGPNet.
    I assume the setup for PGPNet would be similar to setting up a VPN between two FreeBSD firewalls. This is my current network topology:

        
                                      External Interface
                                           X.X.X.X
                                              |
           +--> Remote PC <--> Internet <--> FreeBSD GW
           |                                  |
        Cable Modem Y.Y.Y.Y            192.168.1.0/24
         Win98 box                     Internal Nets

    I'm assuming that I need to add a line to my psk.txt file with the IP Y.Y.Y.Y and a password abc123. I'm also assuming that my racoon.conf file will not need to change. Would this be the correct way to set up my kame-bsd.sh script to run the setkey tool?

    #!/bin/sh
    #
    # IP addresses
    #
    #     External Interface                   External Interface
    #          1.2.3.4                              5.6.7.8
    #             |                                    |
    #   +--> Firewall-1 <--> Internet <--> FreeBSD GW <--+
    #   |                                                |
    # 172.16.1.0/24                               192.168.0.0/24
    # FW-1 Protected Nets                          Internal Nets
    #
    # Flush the existing SPD (policies) and SAD (security associations)
    setkey -FP
    setkey -F
    # Configure the Policy (setkey -c reads statements from stdin up to END)
    setkey -c << END
    spdadd 192.168.1.0/24 Y.Y.Y.Y/32 any -P out ipsec
    esp/tunnel/X.X.X.X-Y.Y.Y.Y/require;
    spdadd Y.Y.Y.Y 192.168.1.0/24 any -P in ipsec
    esp/tunnel/Y.Y.Y.Y-X.X.X.X;
    END

    Also, would this be the correct way to add the gif tunnel?

    ifconfig gif0 create
    gifconfig gif0 inet X.X.X.X Y.Y.Y.Y
    ifconfig gif0 inet 192.168.1.1 Y.Y.Y.Y netmask 255.255.255.0

    Is there anything I missed?

    Thanks in advance,

    John Hines
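
A lint for the kind of policy pair posted above, as an added example that is not part of the original message: it parses `spdadd` statements and reports when an outbound tunnel policy has no inbound policy with the selectors and tunnel endpoints reversed and the same request. The addresses are constructed documentation values (192.0.2.1 for the gateway, 198.51.100.7 for the remote client), the function names are hypothetical, and one request per policy is assumed.

```python
import ipaddress
import re

# Assumes one request per policy: protocol/mode/src-dst/level
SPD_RE = re.compile(
    r"spdadd (\S+) (\S+) \S+ -P (in|out) ipsec (\w+)/(\w+)/([^/\s]*)/?(\w*)$")

def parse_spd(text):
    """Parse the spdadd statements of a setkey input into dicts."""
    policies, problems = [], []
    body = re.sub(r"#.*", "", text)                  # strip comments
    for stmt in (" ".join(s.split()) for s in body.split(";")):
        if not stmt.startswith("spdadd"):
            continue
        m = SPD_RE.match(stmt)
        if not m:                                    # e.g. a missing ';'
            problems.append("unparsed statement: " + stmt)
            continue
        src, dst, direction, proto, mode, ends, level = m.groups()
        policies.append({
            "dir": direction, "ends": tuple(ends.split("-")),
            "src": ipaddress.ip_network(src, strict=False),  # bare host -> /32
            "dst": ipaddress.ip_network(dst, strict=False),
            "request": (proto, mode, level or "unspecified"),
        })
    return policies, problems

def check_mirrored(text):
    """Return problems: each 'out' policy needs a reversed 'in' policy."""
    policies, problems = parse_spd(text)
    inbound = {(p["src"], p["dst"]): p for p in policies if p["dir"] == "in"}
    for out in (p for p in policies if p["dir"] == "out"):
        back = inbound.get((out["dst"], out["src"]))
        if back is None:
            problems.append(f"no inbound mirror for {out['src']} -> {out['dst']}")
        elif back["ends"] != out["ends"][::-1]:
            problems.append("tunnel endpoints are not reversed")
        elif back["request"] != out["request"]:
            problems.append(f"request differs: out={out['request']} in={back['request']}")
    return problems

# Constructed samples: a matched pair, then the same pair with the inbound level dropped.
GOOD = """
spdadd 192.168.1.0/24 198.51.100.7/32 any -P out ipsec
    esp/tunnel/192.0.2.1-198.51.100.7/require;
spdadd 198.51.100.7 192.168.1.0/24 any -P in ipsec
    esp/tunnel/198.51.100.7-192.0.2.1/require;
"""
UNEVEN = GOOD.replace("192.0.2.1/require", "192.0.2.1")
```

`check_mirrored(GOOD)` returns an empty list, while `check_mirrored(UNEVEN)` reports that the request differs between the two directions. Placeholder addresses such as X.X.X.X have to be replaced with real ones before the input will parse.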

     
