Hi,

I thought about this, but I am not really worried about encryption, and I
really think the overhead of encryption may be a bit too much for my poor
old Quadra700, especially since I need the tunnel to do videoconferencing
primarily. All the same, I have read the ipSEC docs, and it looks like a
very good thing(TM). I also don't know about ipSEC on NetBSD though...

Basically I just want to know whether I have to recompile my kernel to use
the gre and ipip interfaces on my Mac-NetBSD-box. I can't find any clear
docs on how to activate these interfaces...

Thanks for your advice,

Richie




On Wed, 26 Apr 2000, Max Asato wrote:

> Hi,
> 
> You could also try IPSec.
> 
> There's quite a bit of documentation on www.openbsd.org on IPSec. Check
> the FAQ sections on Networking and IPSec for basic info and a tutorial on
> setting up manual IPSec and IKE.  Mind that this is targetted at
> OpenBSD--not sure how much of the required crypto stuff is bundled into
> NetBSD.
> 
> Good luck.
> 
> -Max
> 
> On Tue, 25 Apr 2000, Richard Unger wrote:
> 
> > Hi,
> > 
> > I've been running NetBSD on my Quadra 700 very happily for almost 3 
> > years now. Looking for a new challenge, I'm trying to set up a VPN 
> > type thing between between my Quadra and another NetBSD box (pentium) 
> > I have in another city. Both NetBSD boxes are connected to 
> > cable-modems, and serve as NAT gateways for the local networks they 
> > are connected to.
> > Delving into the NetBSD website, there is little I can find in terms 
> > of docs on tunnelling and VPNs. 'man gre' and 'man ipip' are also 
> > less than informative. As far as I can tell, there are four available 
> > tunnelling interfaces: gre, ipip, gif and tun. All implement 
> > different tunnelling protocols, except ipip which seems to be a 
> > subset of gif. As far as I can tell, any one of gre, ipip or gif 
> > would let me do what I want - set up a tunnel between the two NetBSD 
> > boxes and route packets between the two local networks as if they 
> > were 'just next-door'. Here's to my actual questions then:
> > On the pentium tun, ipip and gre interfaces are available (kernel 
> > 1.4.1 GENERIC #1). On my Quadra, only the tun interface is available 
> > (kernel 1.4.1 GENERIC #0). Do I need to compile a new kernel? How do 
> > I activate the tunnelling interfaces on the mac?
> > Is the gif interface a mainly ipV6, KAME development thing, requiring 
> > NetBSD 1.5 and kernel recompiles, or is can it be installed via the 
> > package-source or some other easy way?
> > Am I right in assuming the tun interface is not good for my purposes? 
> > As far as I can tell it seems to be more intended to transfer network 
> > streams to other hardware/software...
> > Where can I find more docs on this? Does anyone have a clear answer 
> > as to which is better for my purposes: ipip, gif or gre tunnelling?
> > 
> > Thanks a lot for your time,
> > Richie
> > 
> 
>