
[Users] FreeS/WAN config

From: Stephen J Bevan (stephen_at_etunnels.com)
Date: Tue Jun 18 2002 - 20:56:50 CEST


Graham Barr writes:
> With our current FreeBSD setup each gateway machine has a private
> IP on the ipsec i/f as well as the private net it is protecting. For
> example the dummy ip might be 10.0.1.5 and the internal net might
> be 10.0.2.0/24. The peer machine might have an IP of 10.0.1.6 on
> its dummy i/f.

You don't describe how you set up your IPsec connection under FreeBSD
but from the description I'm guessing that you are using gif to set up
an IP-in-IP tunnel and using transport mode to encrypt
subnet-to-subnet traffic rather than using tunnel mode directly. Is
that correct?

> What this allows is that connections between processes on the two
> gateways will appear to the other as being from 10.0.1.5 (or .6)
> and not from the public IP.

Agreed. Is there a particular reason you want this behaviour rather
than having the IPsec connection use the public IP addresses
(e.g. either/both are on DHCP?)



This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:15 CEST