documentation:examples:gre_ipsec_and_openvpn

Differences

This shows you the differences between two versions of the page.

documentation:examples:gre_ipsec_and_openvpn [2020/06/29 16:47] – [VM4: OpenVPN client] olivier
documentation:examples:gre_ipsec_and_openvpn [2022/07/08 12:33] – [VPN with GRE, GIF, IPSec, OpenVPN and Wireguard] olivier
Line 1: Line 1:
 ====== VPN with GRE, GIF, IPSec, OpenVPN and Wireguard ====== ====== VPN with GRE, GIF, IPSec, OpenVPN and Wireguard ======
  
-This lab shows some VPN examples with BSDRP 1.97.+This lab shows some VPN examples with BSDRP 1.991.
  
 ===== Presentation ===== ===== Presentation =====
Line 238: Line 238:
  
 If you have previous gre configuration from the gre example: remove them. If you have previous gre configuration from the gre example: remove them.
- 
-Here is the line to ADD to /etc/rc.conf file: 
  
 <code> <code>
Line 252: Line 250:
 service routing restart service routing restart
 config save config save
 +</code>
 +
 +Take care of avoiding fragmentation, TCP-MSS should be reduced on a gif using inet6, like with this pf.conf example:
 +<code>
 +set skip on lo0
 +scrub on gif1 inet all max-mss 1200
 +scrub on gif1 inet6 all max-mss 1180
 +pass
 </code> </code>
 ==== Router 4 ==== ==== Router 4 ====
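Review bot: the added pf.conf example gives max-mss 1200 and 1180 without saying which tunnel MTU they are derived from, and the lead-in sentence mentions only inet6 while the rules clamp inet on gif1 as well. Please state the MTU assumption (or the arithmetic) next to the two scrub lines so readers can adapt the values, and say that max-mss only adjusts TCP, so other traffic over the gif can still be fragmented. The text also does not say where this file lives or that pf has to be enabled for it to take effect. Finally, the ruleset ends with a bare "pass", which permits all traffic; a short remark that this is a lab-only policy would keep it from being copied as-is onto a real router.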
Line 257: Line 263:
 Configure the 2 gif tunnel using VM2 addresses as end-point. Configure the 2 gif tunnel using VM2 addresses as end-point.
  
-Here are the changes to apply to rc file: 
 <code> <code>
 sysrc cloned_interfaces="gif0 gif1" sysrc cloned_interfaces="gif0 gif1"
Line 692: Line 697:
  
 <code> <code>
-cat > /usr/local/etc/ipsec.conf <<'EOF'+cat > /usr/local/etc/ipsec.conf <<EOF
 config setup config setup
  
Line 710: Line 715:
     rightid=VM4     rightid=VM4
     auto=start     auto=start
-'EOF'+EOF
 </code> </code>
  
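Review bot: the opening line of this here-document changes from <<'EOF' to an unquoted <<EOF, which fixes the terminator mismatch (the old closing line 'EOF', quotes included, never matched) but also turns on shell expansion inside the body. Nothing in the visible ipsec.conf lines contains "$" or backticks, so it works today, but the safer form is to keep the quoted opener <<'EOF' and close with a bare EOF line, so later edits to the config are always written literally.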
Line 716: Line 721:
  
 <code> <code>
-cat > /usr/local/etc/ipsec.secrets <<'EOF'+cat > /usr/local/etc/ipsec.secrets <<EOF
 VM4 VM2 : PSK "This is a strong password" VM4 VM2 : PSK "This is a strong password"
-'EOF'+EOF
 </code> </code>
  
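Review bot: ipsec.secrets is now written through an unquoted <<EOF, so a reader who replaces "This is a strong password" with a real PSK containing "$", a backtick or a backslash will get a silently altered secret on one side and a failed authentication. Use <<'EOF' with a bare EOF terminator here. Separately, "cat >" creates the file with the default umask, so the PSK file may be world-readable; add a chmod 600 /usr/local/etc/ipsec.secrets after the here-document. The same two points apply to the identical ipsec.secrets block further down.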
Line 724: Line 729:
  
 <code> <code>
-sysrc strongswan_enable=YES+service strongswan enable
 service strongswan restart service strongswan restart
 </code> </code>
Line 738: Line 743:
  
 <code> <code>
-cat > /usr/local/etc/ipsec.conf <<'EOF'+cat > /usr/local/etc/ipsec.conf <<EOF
 config setup config setup
  
Line 755: Line 760:
     rightid=VM2     rightid=VM2
     auto=route     auto=route
-'EOF'+EOF
 </code> </code>
  
Line 761: Line 766:
  
 <code> <code>
-cat > /usr/local/etc/ipsec.secrets <<'EOF'+cat > /usr/local/etc/ipsec.secrets <<EOF
 VM4 VM2 : PSK "This is a strong password" VM4 VM2 : PSK "This is a strong password"
-'EOF'+EOF
 </code> </code>
  
Line 769: Line 774:
  
 <code> <code>
-sysrc strongswan_enable=YES+service strongswan enable
 service strongswan restart service strongswan restart
 </code> </code>
Line 1058: Line 1063:
  
 <code> <code>
-echo '<ca>' >> /usr/local/etc/openvpn/VM4-openvpn.conf+cat > /usr/local/etc/openvpn/VM4-openvpn.conf <<'EOF' 
 +client 
 +dev tun 
 +remote 10.0.23.2 
 +<ca> 
 +'EOF'
 cat /usr/local/etc/easy-rsa/pki/ca.crt >> /usr/local/etc/openvpn/VM4-openvpn.conf cat /usr/local/etc/easy-rsa/pki/ca.crt >> /usr/local/etc/openvpn/VM4-openvpn.conf
 echo '</ca>' >> /usr/local/etc/openvpn/VM4-openvpn.conf echo '</ca>' >> /usr/local/etc/openvpn/VM4-openvpn.conf
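Review bot: the here-document added at the top of this hunk is closed with a line reading 'EOF' with the single quotes included, which the shell does not accept as the terminator for <<'EOF' (after quote removal the delimiter is plain EOF). As written, the here-document does not end there, and the following "cat /usr/local/etc/easy-rsa/pki/ca.crt >>" and "echo '</ca>' >>" lines are swallowed into VM4-openvpn.conf as literal text instead of being run. Close it with a bare EOF line, as the ipsec.conf and ipsec.secrets changes in this same revision do; keeping the quoted opener is fine. Also note that "cat >" truncates the file where the removed line appended with ">>", so anything written to VM4-openvpn.conf by earlier steps is discarded; if that is intended, it is worth saying so in the surrounding text.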
documentation/examples/gre_ipsec_and_openvpn.txt · Last modified: 2023/07/10 12:40 by olivier

Except where otherwise noted, content on this wiki is licensed under the following license: BSD 2-Clause