VPN IPsec Help

Steve Bertrand steve at ipv6canada.com
Thu Jul 8 14:51:38 UTC 2010

On 2010.07.08 10:00, Matheus Weber da Conceição wrote:
>> It has been a long time since I've done IPSec on FBSD, but I'm willing
>> to bet that this has to do with routing, possibly amongst other things.
>> On peer 'B' (FBSD box), what internal IP range are you trying to access
>> the A network from...the same ones (ie. are you trying to bridge the
>> networks)?
> The -peer A- doesn't need to access any -peer B- networks.
>> Do you have access to the Cisco gear?
> No.
>> If so, on FreeBSD, post the output of:
>> % netstat -rn
> Notes:
> tun0 is my ppp pseudo-device
> tun5 is my openvpn tunel (
> ============
> # netstat -rn
> Routing tables

[ big snip ]

IIRC, you don't need a gre tunnel through IPSec, as you are simply
routing between two dissimilar networks. Don't quote me on this though,
as I said earlier, it has been a very long time.

On the FreeBSD box, assuming that you *only* want to access the three
specific IPs you stated, do this:

% route add 200.x.x.x
% route add 200.x.x.x
% route add 200.x.x.x

On the Cisco side:

% ip route 187.x.x.x.x

If that works, on the FBSD side of things, add the following to
/etc/rc.conf to make them persistent across reboots:

static_routes="host1 host2 host3"
route_host1=" 200.x.x.x"
route_host2=" 200.x.x.x"
route_host3=" 200.x.x.x"


More information about the freebsd-questions mailing list