Subject: Questions about VPN with IPsec
To: None <>
From: Allen D. Ball <>
List: current-users
Date: 07/27/2001 17:57:04
Hash: SHA1


I have previously posted these questions to netbsd-users but got no
 Even though I am running 1.5.1, I hope I might get some help here.

I have set up a configuration similar to the one described at  The link
comes up and I can run TCP between the two machines.  However, I am still
having trouble seeing the remote machines on the local network and vice
versa.  I am running 1.5.1 and I am using gif(4) as the endpoints of my
tunnel.  I am also running routed(8) on each of the machines.  I did not
assign IPv6 addresses to the gif(4) interfaces nor the physical NICs.  The
two address clouds are -net and -net and the
endpoints of the tunnel are and, respectively.

My questions are:

Do I need to do any IPv6 configuration to make this work?

Is gif(4) the right hammer for this nail?

The sited web page says to set up the routes in advance.  Does this mean in
advance of setkey being executed in the /etc/rc.d/ipsec script?  Or in
advance of ifconfig gif0?  Or in advance of using the link?  I have
to set up the routes in the /etc/ifconfig.gif0 script before and after
running ifconfig, but the route command to provide the route from the remote
NIC to the remote cloud fails.  (However, I can run it manually *after*
booting and *after* the link has come up, and the route is installed, but I
still can't get to the remote machines.)  Is there a proper incantation of
the route command that will let me set it up in /etc/ifconfig.gif0?

There is a third box doing NAT in front of one of the machines, but it is a
straight redirect of one of our internet CIDR block address to its
corresponding internal address (and I addressed this in setting up the
Because I can bring the link up, I don't think this is coming into play but
I mention it in the interest of full disclosure.

I appreciate any help.  Thank you.


Version: PGP Personal Privacy 6.5.8