Subject: Re: VPN IPSec (fwd)
To: None <tech-security@NetBSD.org>
From: Christian Palomino <christian@christianpalomino.com>
List: tech-security
Date: 10/10/2003 17:12:04
>
> >>>>> "Christian" == Christian Palomino <zakhrin@freeshell.org> writes:
> Christian> I'd like to be able to set up some mobile users with NetBSD
> Christian> also. I've got IPSec with racoon IKE working properly, but I
> Christian> can't get the point of how to set up the "virtual" internal IP
> Christian> to be "inside" my company's WAN. Should I set up routed on my
> Christian> laptop and route myself through the tunnel, setting my
> Christian> "virtual" IP address as an alias in my ifconfig?
>
> Yes, set up the "virtual" address as an alias on the 'lo0' device.
> Then, configure the route with "setkey":
>
> In this case, my IP is 192.168.1.24, and remote network is 192.168.1.0/24.
> The gateway is XXXX, and ${myip} is set by dhclient through some scripts.
>
> spdadd 192.168.1.24/32 192.168.1.0/24 any -P out ipsec esp/tunnel/${myip}-XXXX/require;
> spdadd 192.168.1.0/24 192.168.1.24/32 any -P in ipsec esp/tunnel/XXXX-${myip}/require;
>
> then... and here is the *tricky bit* (you wind the film backwards...)
>
> route add -net 192.168.1.0 -iface 192.168.1.24 -mtu 1400
>
> This means that when you talk to 192.168.1.0/24, you'll use 192.168.1.24
> as the source address.
>
Thanks!
And do you know how I can send the user, domain and password that the Cisco
router will use to authenticate me against a RADIUS server?
Thanks again and best regards.
--
Christian Palomino <christian@christianpalomino.com>
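
The quoted reply says ${myip} is filled in by dhclient "through some scripts". The sketch below is an added example, not part of the original thread: it regenerates the two spdadd lines for a new outer address after checking that the DHCP-supplied value is a plain IPv4 address. The function names, the gateway 203.0.113.1 (standing in for the elided XXXX) and the sample address 198.51.100.77 are assumptions.

```shell
#!/bin/sh
# Added example: rebuild the road-warrior SPD entries for a new outer address.
# Values marked "constructed" are placeholders, not taken from the thread.

VIP=192.168.1.24        # "virtual" inner address (from the post)
NET=192.168.1.0/24      # remote network (from the post)
GW=203.0.113.1          # constructed placeholder for the gateway elided as XXXX

# Accept only a dotted quad with octets 0-255. The value comes from a DHCP
# server on an untrusted network, so it must not reach setkey unchecked.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1               # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print setkey input: remove the policies for the inner address pair, then
# add them again with the current outer endpoints. $1 = new outer address.
gen_spd() {
    myip=$1
    valid_ipv4 "$myip" || { echo "bad address: $myip" >&2; return 1; }
    cat <<EOF
spddelete ${VIP}/32 ${NET} any -P out;
spddelete ${NET} ${VIP}/32 any -P in;
spdadd ${VIP}/32 ${NET} any -P out ipsec esp/tunnel/${myip}-${GW}/require;
spdadd ${NET} ${VIP}/32 any -P in ipsec esp/tunnel/${GW}-${myip}/require;
EOF
}

# Dry run with a constructed outer address; nothing is installed here.
gen_spd 198.51.100.77
```

In the script that sets ${myip}, the output would be piped to "setkey -c" once the lo0 alias and the route from the quoted reply are in place.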