I have an snv51 machine at home serving as my internet gateway, and I
would like to use it to provide a VPN to my corporate network via
IPSec. The remote end should be correctly configured.

I bring up ip.tun0 like so:

    ifconfig ip.tun0 192.168.44.1 10.10.10.1 \
        tsrc 11.11.11.11 tdst 22.22.22.22 \
        encr_algs 3des encr_auth_algs md5

where 192.168.44.0/24 is the local network I will be using, and
10.10.10.0/24 is the corporate network. 11.11.11.11 is my local
Internet IP, and 22.22.22.22 is the corporate network's Internet IP.

    # ifconfig mxfe0
    mxfe0: flags=201104843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,ROUTER,IPv4,CoS>
            mtu 1500 index 3
            inet 11.11.11.11 netmask ffffff00 broadcast 11.11.11..255
            ether 0:80:c6:f0:45:3d
    # ifconfig ip.tun0
    ip.tun0: flags=11008d1<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST,ROUTER,IPv4>
            mtu 1419 index 5
            inet tunnel src 11.11.11.11 tunnel dst 22.22.22.22
            tunnel security settings esp (3des-cbc/hmac-md5)
            tunnel hop limit 60
            inet 192.168.44.1 --> 10.10.10.1 netmask ffffff00

I see these in my logs:

    ip: [ID 646971 kern.notice] ip_create_dl: hw addr length = 0
    in.routed[146]: [ID 238047 daemon.warning] interface ip.tun0 to 10.10.10.1 turned off

The documentation I read on docs.sun.com states that ip_forwarding
must be turned off, though this will surely break NAT for my local
machines. All of the examples I seem to find are using a separate
machine to do this -- can I do the two on a single system?
--
Eric Enright
PS: I know that IKE still needs to be configured, but I am ignoring
that for now as the above problem seems unrelated.
_______________________________________________
networking-discuss mailing list
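
Added example, not part of the original post: a Python script that parses ifconfig output in the format quoted above and reports, per interface, the tunnel endpoints, the ESP algorithm pair, and whether the ROUTER flag (which Solaris sets on an interface with IP forwarding enabled) is present. The function names and the LEGACY policy set are assumptions of this example, and the sample is abridged from the post's output.

```python
import re

# Constructed sample, abridged from the two ifconfig stanzas quoted in the post.
SAMPLE = """\
mxfe0: flags=201104843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,ROUTER,IPv4,CoS>
mtu 1500 index 3
inet 11.11.11.11 netmask ffffff00 broadcast 11.11.11..255
ip.tun0: flags=11008d1<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST,ROUTER,IPv4>
mtu 1419 index 5
inet tunnel src 11.11.11.11 tunnel dst 22.22.22.22
tunnel security settings esp (3des-cbc/hmac-md5)
inet 192.168.44.1 --> 10.10.10.1 netmask ffffff00
"""

# Assumption: algorithm names this example's policy treats as legacy.
LEGACY = {"des-cbc", "3des-cbc", "hmac-md5"}
HEAD = re.compile(r"^(\S+): flags=[0-9a-f]+<([^>]*)>")
TUN = re.compile(r"tunnel src (\S+) tunnel dst (\S+)")
ESP = re.compile(r"tunnel security settings esp \(([^/)]+)/([^)]+)\)")

def parse_ifconfig(text):
    """Return {interface: {"flags": set, "tunnel": (src, dst), "esp": (encr, auth)}}."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := HEAD.match(line):
            cur = ifaces.setdefault(m.group(1), {"flags": set(m.group(2).split(","))})
        elif cur is not None and (m := TUN.search(line)):
            cur["tunnel"] = m.groups()
        elif cur is not None and (m := ESP.search(line)):
            cur["esp"] = m.groups()
    return ifaces

def audit(ifaces):
    """Return findings as (interface, message) tuples."""
    findings = []
    for name, info in ifaces.items():
        if "tunnel" in info and "esp" not in info:
            findings.append((name, "tunnel has no ESP security settings"))
        for alg in info.get("esp", ()):
            if alg in LEGACY:
                findings.append((name, f"legacy algorithm {alg}"))
        if "ROUTER" in info["flags"]:
            findings.append((name, "ROUTER flag set (forwarding enabled on this interface)"))
    return findings

if __name__ == "__main__":
    for name, msg in audit(parse_ifconfig(SAMPLE)):
        print(f"{name}: {msg}")
```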