Comments on: IPSec Tunneling Using FreeBSD http://www.techbabu.com/2009/10/ipsec-freebsd/ A blog on latest technologies. Fri, 18 Nov 2011 00:40:19 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Aulia http://www.techbabu.com/2009/10/ipsec-freebsd/comment-page-1/#comment-10510 Aulia Sat, 09 Jul 2011 00:15:04 +0000 http://www.techbabu.com/?p=3312#comment-10510 Hi, can I have an ask for something with my configuration ? I have finished this tutorial to build ipsec site to site, and the step has finished completely. I have a simulation with a local design topology with two PC's (FreeBSD 7.0) and the replace for public network (internet media) with a single switch device in the middle, it's look like this : (PC-A) Local Network A : 192.168.0.1/24 Network (Gateway) A : 202.10.10.1/24 SWITCH (PC-B) Network (Gateway) B : 202.10.10.2/24 Local Network B : 172.168.0.1/24 I got connect all this host by used a static routing, at first the communication between two site is completely connect eg. (Ping to Local Network B to Local Network A). but when I've finished config the tunnel (GIF interface), started the racoon and ipsec daemon with those all configuration, I can't any longer ping the outside local network (Request Time out). and sure there's no ESP protokol packet in the output of tcpdump on the traffic, I've tried Racoon-F command too, but the output is stack and look's not running. Please, any suggest from this problem :) I'm really appreciated with the respons, Thank's in advance :) Aulia. Hi,
can I have an ask for something with my configuration ?

I have finished this tutorial to build ipsec site to site, and the step has finished completely.
I have a simulation with a local design topology with two PC’s (FreeBSD 7.0) and the replace for public network (internet media) with a single switch device in the middle, it’s look like this :

(PC-A)
Local Network A : 192.168.0.1/24
Network (Gateway) A : 202.10.10.1/24

SWITCH

(PC-B)
Network (Gateway) B : 202.10.10.2/24
Local Network B : 172.168.0.1/24

I got connect all this host by used a static routing, at first the communication between two site is completely connect eg. (Ping to Local Network B to Local Network A).

but when I’ve finished config the tunnel (GIF interface), started the racoon and ipsec daemon with those all configuration, I can’t any longer ping the outside local network (Request Time out).

and sure there’s no ESP protokol packet in the output of tcpdump on the traffic, I’ve tried Racoon-F command too, but the output is stack and look’s not running.

Please, any suggest from this problem :)

I’m really appreciated with the respons, Thank’s in advance :)

Aulia.

]]> By: Zaeedh http://www.techbabu.com/2009/10/ipsec-freebsd/comment-page-1/#comment-5262 Zaeedh Thu, 17 Feb 2011 09:47:37 +0000 http://www.techbabu.com/?p=3312#comment-5262 Techbabu, you have a systematic vision ! and this is shows on your tutorial, thanks a lot :) now I'll should be have an "A" on my college paper.hehe.. Kind Regards, Zaeedh Techbabu, you have a systematic vision ! and this is shows on your tutorial, thanks a lot :)
now I’ll should be have an “A” on my college paper.hehe..

Kind Regards,
Zaeedh

]]> By: CS & IT Solutions » Blog Archive » IPSec Tunneling Using FreeBSD http://www.techbabu.com/2009/10/ipsec-freebsd/comment-page-1/#comment-2320 CS & IT Solutions » Blog Archive » IPSec Tunneling Using FreeBSD Fri, 04 Jun 2010 15:46:06 +0000 http://www.techbabu.com/?p=3312#comment-2320 [...] here Tags: bsd, freebsd, how to install ipsec on freebsd, ipsec, ipsec for freebsd, ipsec freebsd, [...] [...] here Tags: bsd, freebsd, how to install ipsec on freebsd, ipsec, ipsec for freebsd, ipsec freebsd, [...]

]]> By: Ilya http://www.techbabu.com/2009/10/ipsec-freebsd/comment-page-1/#comment-528 Ilya Thu, 03 Dec 2009 10:22:31 +0000 http://www.techbabu.com/?p=3312#comment-528 Thanks for your answer. Regards, Ilya Thanks for your answer.

Regards,
Ilya

]]> By: TechBabu http://www.techbabu.com/2009/10/ipsec-freebsd/comment-page-1/#comment-526 TechBabu Thu, 03 Dec 2009 09:32:31 +0000 http://www.techbabu.com/?p=3312#comment-526 Hi The rules are very clear, we have two hosts ( Host -A 172.17.1.254 ) and ( Host -B 172.18.1.254). with tunnels both end (Host -A 192.168.1.1) and (Host -B 192.168.2.1). the above rules are very simple. From (Host -A) traffic for (Host -B) will pass through (192.168.1.1). Regards Hi

The rules are very clear, we have two hosts ( Host -A 172.17.1.254 ) and ( Host -B 172.18.1.254). with tunnels both end (Host -A 192.168.1.1) and (Host -B 192.168.2.1). the above rules are very simple. From (Host -A) traffic for (Host -B) will pass through (192.168.1.1).

Regards

]]> By: Ilya http://www.techbabu.com/2009/10/ipsec-freebsd/comment-page-1/#comment-523 Ilya Thu, 03 Dec 2009 05:19:53 +0000 http://www.techbabu.com/?p=3312#comment-523 Very good article, but I don't understand how you obtain from this rules in /etc/ipsec.conf spdadd 172.17.1.254/32 172.18.1.254/32 ipencap -P out ipsec esp/tunnel/192.168.1.1-192.168.2.1/require; spdadd 172.18.1.254/32 172.17.1.254/32 ipencap -P in ipsec esp/tunnel/192.168.2.1-192.168.1.1/require; this result of setkey -DP 172.18.1.254[any] 172.17.1.254[any] ip4 in ipsec esp/tunnel/172.18.1.254-172.17.1.254/require spid=2 seq=1 pid=1144 refcnt=1 172.17.1.254[any] 172.18.1.254[any] ip4 out ipsec esp/tunnel/172.17.1.254-172.18.1.254/require spid=1 seq=0 pid=1144 refcnt=1 ???? P.S. Sorry for my english ): Very good article, but I don’t understand how you obtain from this rules in

/etc/ipsec.conf
spdadd 172.17.1.254/32 172.18.1.254/32 ipencap -P out ipsec
esp/tunnel/192.168.1.1-192.168.2.1/require;
spdadd 172.18.1.254/32 172.17.1.254/32 ipencap -P in ipsec
esp/tunnel/192.168.2.1-192.168.1.1/require;

this result of setkey -DP
172.18.1.254[any] 172.17.1.254[any] ip4
in ipsec
esp/tunnel/172.18.1.254-172.17.1.254/require
spid=2 seq=1 pid=1144
refcnt=1
172.17.1.254[any] 172.18.1.254[any] ip4
out ipsec
esp/tunnel/172.17.1.254-172.18.1.254/require
spid=1 seq=0 pid=1144
refcnt=1

????
P.S. Sorry for my english ):

]]> By: admin http://www.techbabu.com/2009/10/ipsec-freebsd/comment-page-1/#comment-365 admin Thu, 29 Oct 2009 06:11:19 +0000 http://www.techbabu.com/?p=3312#comment-365 Hmm. I haven't try it. But I think it is possible on single NIC. BTW: thanks for your nice comment. Regards, Tech Babu Hmm.

I haven’t try it. But I think it is possible on single NIC.

BTW: thanks for your nice comment.

Regards,
Tech Babu

]]> By: Vimuth Dayaratne http://www.techbabu.com/2009/10/ipsec-freebsd/comment-page-1/#comment-364 Vimuth Dayaratne Wed, 28 Oct 2009 17:44:52 +0000 http://www.techbabu.com/?p=3312#comment-364 What an excellent piece of guide. Out of curiosity Sir can we do this exercise having only one NIC's installed on either of those BSD boxes which we are creating the tunnel in between? Possibly by means of IP aliasing may be if at all supported? Please upload more BSD guides. Thank you very much. Best Regards Vimuth PS: Who is the author of this article? Please mention the name of the gentleman who wrote this. :) What an excellent piece of guide. Out of curiosity Sir can we do this exercise having only one NIC’s installed on either of those BSD boxes which we are creating the tunnel in between? Possibly by means of IP aliasing may be if at all supported? Please upload more BSD guides. Thank you very much.

Best Regards
Vimuth
PS: Who is the author of this article? Please mention the name of the gentleman who wrote this. :)

]]>