Subject: Re: VPN IPSec (fwd)
To: None <tech-security@NetBSD.org>
From: Christian Palomino <christian@christianpalomino.com>
List: tech-security
Date: 10/10/2003 17:12:04
> 
> >>>>> "Christian" == Christian Palomino <zakhrin@freeshell.org> writes:
>     Christian> I'd like to be able to set up some mobile users with NetBSD
>     Christian> also. I've got IPSec with racoon IKE working properly, but I
>     Christian> can't get the point in how to set up the "virtual" internal IP
>     Christian> to be "inside" my company's WAN.  Should I set up routed in my
>     Christian> laptop and route myself through the tunnel, setting my
>     Christian> "virtual" IP address as an alias in my ifconfig?
> 
>   Yes, set up the "virtual" address as an alias on the 'lo0' device.
>   Then, configure the route with "setkey":
> 
>   In this case, my IP is 192.168.1.24, and remote network is 192.168.1.0/24.
>   The gateway is XXXX, and ${myip} is set by dhclient through some scripts.
> 
> spdadd 192.168.1.24/32 192.168.1.0/24 any -P out ipsec esp/tunnel/${myip}-XXXX/require;
> spdadd 192.168.1.0/24 192.168.1.24/32 any -P in ipsec  esp/tunnel/XXXX-${myip}/require;
> 
>   then... and here is the *tricky bit* (you wind the film backwards...)
> 
>   route add -net 192.168.1.0 -iface 192.168.1.24 -mtu 1400
> 
>   This means that when you talk to 192.168.1.0/24, you'll use 192.168.1.24
> as the source address.
> 
Thanks!

And do you know how I can send the user, domain and password the CISCO
router will use to authenticate me against a RADIUS server?

Thanks again and best regards.
-- 
Christian Palomino <christian@christianpalomino.com>
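
The client-side steps quoted in this message (lo0 alias, the two setkey policies, the route), as an added example that is not part of the original thread: a dry-run renderer that validates the addresses before anything reaches setkey, so an empty or malformed lease address from dhclient never produces a policy. The function names, the `ifconfig` form, the use of `spdflush`, and the addresses 198.51.100.7 (standing in for `${myip}`) and 203.0.113.1 (standing in for the elided gateway XXXX) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses below are constructed:
# 198.51.100.7 stands for the DHCP-assigned ${myip}, 203.0.113.1 for the
# gateway the post elides as XXXX.

# Succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the two tunnel policies from the post for one outer address.
# Usage: render_spd VIRTUAL_IP REMOTE_NET/BITS OUTER_IP GATEWAY_IP
render_spd() {
    virt=$1 net=$2 outer=$3 gw=$4
    for addr in "$virt" "${net%/*}" "$outer" "$gw"; do
        is_ipv4 "$addr" || { echo "bad address: '$addr'" >&2; return 1; }
    done
    # spdflush (a real setkey command) drops every existing policy, so
    # entries naming a previous lease's endpoint do not linger.
    printf 'spdflush;\n'
    printf 'spdadd %s/32 %s any -P out ipsec esp/tunnel/%s-%s/require;\n' \
        "$virt" "$net" "$outer" "$gw"
    printf 'spdadd %s %s/32 any -P in ipsec esp/tunnel/%s-%s/require;\n' \
        "$net" "$virt" "$gw" "$outer"
}

# Print the alias and route commands that go with those policies.
render_host_cmds() {
    virt=$1 net=$2
    is_ipv4 "$virt" && is_ipv4 "${net%/*}" || return 1
    printf 'ifconfig lo0 alias %s netmask 255.255.255.255\n' "$virt"
    printf 'route add -net %s -iface %s -mtu 1400\n' "${net%/*}" "$virt"
}

# Dry run with the constructed addresses; on the laptop the first output
# would be piped to `setkey -c` and the second executed as root.
render_spd 192.168.1.24 192.168.1.0/24 198.51.100.7 203.0.113.1
render_host_cmds 192.168.1.24 192.168.1.0/24
```

Because both policies use the `require` level, traffic between the virtual address and 192.168.1.0/24 is only sent when a matching ESP SA exists, so re-rendering on every lease change keeps the tunnel endpoints in the policy in step with the current outer address.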