Answer the question
In order to leave comments, you need to log in
IPSEC and gif0 why don't pings run?
Hello!
Colleagues, help defeat the fry and finally surrender the lab! The brain boils, reread the mountains of manuals and instructions, nothing helps ((((
We have the following initial data:
Server1
uname -a
FreeBSD lab10 10.3-RELEASE FreeBSD 10.3-RELEASE
interface to the network: 192.168.10.10
interface to the Internet: 88.88.88.88
The kernel is assembled with : ( Server1 )
options IPSEC
device crypto
/etc/rc.conf ( Server1 )
cloned_interfaces="gif0"
ifconfig_gif0="inet 192.168.10.10 192.168.20.20 netmask 255.255.255.252 tunnel 88.88.88.88 99.99.99.99"
gif0
: flags=8051 metric 0 mtu 1280
options=80000
tunnel inet 88.88.88.88 --> 99.99.99.99
inet 192.168.10.10 --> 192.168.20.20 netmask 0xfffffffc
nd6 options=29
server2
uname -a
FreeBSD lab14 10.3-RELEASE FreeBSD 10.3-RELEASE
interface to network:
192.1208.20 : 99.99.99.99
Kernel built with: ( Server1 )
options IPSEC
device crypto
/etc/rc.conf ( Server2 )
cloned_interfaces="gif0"
ifconfig_gif0="inet 192.168.20.20 192.168.10.10 netmask 255.255.255.252 tunnel 99.99.88.89.89 "
ifconfig ( Server2 )
gif0: flags=8051 metric 0 mtu 1280
options=80000
tunnel inet 99.99.99.99 --> 88.88.88.88
inet 192.168.20.20 --> 192.168.10.10 netmask 0xfffffffc
nd6 options=29
I have the following questions:
1) If I understood correctly from the ifconfig output, I can already safely ping the second server and it should ping or am I wrong?
2) I can transfer data between computers from different grids without raising racoon
3) I read what you need for the tunnel, you need your own IP is this true?
Kick me where I am stupid and lack knowledge? Because when doing even using https://www.freebsd.org/doc/ru/books/ha ... ipsec.html there already at this stage the servers are pinged (that is, I can ping the second server 192.168.20.20 from 192.168.10.10 and vice versa)
Answer the question
In order to leave comments, you need to log in
What exactly do you want to achieve? rakun is an IKE daemon, a utility program for IPSec tunnels. You can do without it, but it is very difficult. gif files are needed only in FreeBSD (not in Linux) due to local troubles. Now I'll look for an article - I once read just about IPSec in FreeBSD ...
UPD: Article in the journal "System Administrator", No. 12 for 2010. Using Rakoon to build tunnels is pretty old technology, more and more on strongswan now
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question