IPSEC VPN / OpenVPN Scenario

Hi
Is the following possible with IPSec or OpenVPN on FreeBSD?
Code:
NET 1  --> FreeBSD Box1 --> Router (with NAT)  --> INTERNET  --> FreeBSD Box 2 --> NET2

Net 1 = 192.168.40.0/24
Net 2 = 192.168.40.0/24
FreeBSD Box1 Static IP = 192.168.40.2 (only one Interface)
Router internal Static IP = 192.168.40.1
Router external Dynamic = y.y.y.y (DHCP from the provider but dynamic DNS is working)
FreeBSD Box 2 External Static = x.x.x.x (DNS is working)
FreeBSD Box 2 Internal Static = 192.168.40.3

"Dial in" should be possible to both FreeBSD Boxes. The DHCP and the DNS Server are on NET 1.

Does someone have a step-by-step tutorial or a similar config example?

Thanks a lot.

Daniel
 
Do yourself a favor and avoid IPSec in tunnel mode. If you want to use IPSec, use GRE tunnels with ESP in transport mode.

OpenVPN is easier to configure and debug than IPSec on FreeBSD. OpenVPN encapsulates every packet in UDP. This makes it much easier to penetrate NATs.
 
Do yourself a favor and avoid IPSec in tunnel mode.
But if I use OpenVPN, I need to install a client on my road warrior, don't I? I would like to avoid that.

I don't know where to start, because my FreeBSD Box 1 has only one Interface.
So I create a as follows on my FreeBSD Box 1?
Code:
ifconfig gif0 create
ifconfig gif0 192.168.40.2 192.168.40.3
ifconfig gif0 tunnel ??? x.x.x.x
What do I have to take for the external 1? The 192.168.40.2 as well?

I will do exactly the opposite on my Box 2:
Code:
ifconfig gif0 create
ifconfig gif0 192.168.40.3 192.168.40.2
ifconfig gif0 tunnel x.x.x.x dynDNSName?
Can I take here the dynamic DNS Name? Or do I have to take the 192.168.40.2 Address?

Thanks for your help. Sorry but this is the first time I do something with VPN and FreeBSD.
 