> Dear all,
>
> I find no explicit mention of how to encapsulate and decapsulate IPsec
> protected packets in tunnel mode.
>
> Are we supposed to use gre0 or gif0 interface to add routes?
>
> I am able to create SAs using automatic keying with isakmpd and 1 line
> in ipsec.conf.
>
> But I am unable to connect two private networks. How to achieve that?
>
> Google did not help at all. Neither did a paper on www.openbsd.org.
>
> Thanks.
>
> -Girish

This was for 3.8 but it still works (at least on 4.6):

http://www.symantec.com/connect/articles/zero-ipsec-4-minutes
(note that Symantec mangled the \n characters in the configuration examples,
you will need to add extra new lines)

No need to set up any tunnelling ifaces by hand, everything comes out of enc0.
If you're firewalling, keep in mind that sometimes IPsec packets may come out
twice from the same interface. tcpdumping on pflog is your friend.

Regards, Daniel.
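
A sketch of the setup discussed in this thread, added here as an illustration and not taken from the original messages or the linked article: one ipsec.conf flow between the two private networks, with pf rules for both the encrypted packets on the physical interface and the cleartext packets on enc0. The addresses, the interface names em0/em1 and the macro names are assumptions.

```conf
# Constructed example for gateway A. Addresses are documentation/private
# placeholders; em0 (external) and em1 (internal) are assumed interface names.

# --- /etc/ipsec.conf on gateway A ---
# Tunnel mode is the default, so a rule naming the two networks is enough.
# Authentication is whatever isakmpd is already set up to use.
# Gateway B carries the mirrored rule:
#   ike esp from 10.2.0.0/24 to 10.1.0.0/24 peer 192.0.2.1
ike esp from 10.1.0.0/24 to 10.2.0.0/24 peer 198.51.100.1

# --- /etc/pf.conf on gateway A ---
ext_if     = "em0"
int_if     = "em1"
peer       = "198.51.100.1"
local_net  = "10.1.0.0/24"
remote_net = "10.2.0.0/24"

# Log every drop so that blocked IPsec traffic is visible on pflog0.
block log all

# IKE negotiation and the encrypted ESP packets on the physical interface.
pass in  on $ext_if proto udp from $peer to ($ext_if) port 500
pass out on $ext_if proto udp from ($ext_if) to $peer port 500
pass in  on $ext_if proto esp from $peer to ($ext_if)
pass out on $ext_if proto esp from ($ext_if) to $peer

# The cleartext packets of the tunnel, filtered separately on enc0.
pass in  on enc0 from $remote_net to $local_net keep state (if-bound)
pass out on enc0 from $local_net to $remote_net keep state (if-bound)

# LAN side of the gateway.
pass in  on $int_if from $local_net to $remote_net
pass out on $int_if from $remote_net to $local_net
```

With `block log all` in place, running tcpdump on pflog0 shows which rule and interface dropped a packet, and running it on enc0 shows the decapsulated traffic.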
