VPN IPsec Help
Steve Bertrand
steve at ipv6canada.com
Thu Jul 8 14:51:38 UTC 2010
On 2010.07.08 10:00, Matheus Weber da Conceição wrote:
>> It has been a long time since I've done IPSec on FBSD, but I'm willing
>> to bet that this has to do with routing, possibly amongst other things.
>> On peer 'B' (FBSD box), what internal IP range are you trying to access
>> the A network from...the same ones (ie. are you trying to bridge the
>> networks)?
>>
> The -peer A- doesn't need to access any -peer B- networks.
>
>> Do you have access to the Cisco gear?
> No.
>
>> If so, on FreeBSD, post the output of:
>>
>> % netstat -rn
>
> Notes:
> tun0 is my ppp pseudo-device
> tun5 is my openvpn tunnel (192.168.5.0/24)
> ============
> # netstat -rn
> Routing tables
[ big snip ]

IIRC, you don't need a gre tunnel through IPSec, as you are simply
routing between two dissimilar networks. Don't quote me on this though,
as I said earlier, it has been a very long time.

On the FreeBSD box, assuming that you *only* want to access the three
specific IPs you stated, do this:

% route add 192.168.10.24/32 200.x.x.x
% route add 192.168.201.196/32 200.x.x.x
% route add 10.115.90.236/32 200.x.x.x

On the Cisco side:

% ip route 192.168.5.0 255.255.255.0 187.x.x.x

If that works, on the FBSD side of things, add the following to
/etc/rc.conf to make them persistent across reboots:

static_routes="host1 host2 host3"
route_host1="192.168.10.24/32 200.x.x.x"
route_host2="192.168.201.196/32 200.x.x.x"
route_host3="10.115.90.236/32 200.x.x.x"

Steve
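
Added example (not part of the original message): a small sh check that reads `netstat -rn` output and confirms that each of the three host routes above is installed via the expected next hop. The gateway 203.0.113.1, the sample routing table and the helper name `check_routes` are constructed for illustration; substitute the real next hop for 200.x.x.x.

```sh
#!/bin/sh
# Constructed sample of FreeBSD `netstat -rn` output (not from the thread).
# 203.0.113.1 is a placeholder for the elided 200.x.x.x next hop; the last
# route deliberately points at a different gateway to show a failure.
sample_netstat() {
cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            203.0.113.1        UGS         0     4211   tun0
10.115.90.236      203.0.113.1        UGHS        0        0   tun0
127.0.0.1          link#3             UH          0      120    lo0
192.168.5.0/24     192.168.5.2        UGS         0       57   tun5
192.168.10.24      203.0.113.1        UGHS        0        0   tun0
192.168.201.196    198.51.100.9       UGHS        0        0   tun0
EOF
}

# check_routes GATEWAY HOST...   (hypothetical helper name)
# Reads `netstat -rn` text on stdin and prints one line per host:
#   ok HOST | missing HOST | wrong-gw HOST ACTUAL_GATEWAY
# Returns 0 only when every host is routed via GATEWAY.
check_routes() {
    gw=$1; shift
    awk -v gw="$gw" -v hosts="$*" '
        BEGIN { n = split(hosts, want, " ") }
        # A /32 route is listed as a bare address (H flag) or as addr/32.
        NF >= 3 { d = $1; sub(/\/32$/, "", d); seen[d] = $2 }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                h = want[i]
                if (!(h in seen))       { print "missing", h; bad = 1 }
                else if (seen[h] != gw) { print "wrong-gw", h, seen[h]; bad = 1 }
                else                    { print "ok", h }
            }
            exit bad
        }'
}

# Demo on the constructed table; on a live box pipe in `netstat -rn` instead.
sample_netstat | check_routes 203.0.113.1 \
    192.168.10.24 192.168.201.196 10.115.90.236 ||
    echo "one or more host routes need attention"
```

Run it again after a reboot to confirm the `static_routes` entries in /etc/rc.conf were applied.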