12.07.2015 Views


Network Configuration—Tunneling

To make sure that the traffic is actually being encrypted, it is a good idea to run tcpdump(1) on one host, send ICMP packets from the other host (ping), and see the incoming packets. If the traffic is being encrypted, you should see ESP packets in tcpdump output on the other end.

Summary

There are different scenarios in which you may want to set up a tunnel between two hosts on a network. For example, tunneling is used to exchange routing updates between edge routers, or to create a site-to-site VPN over a public network.

Before choosing a tunneling method, you should decide whether encryption is important or not.

If data encryption is not a concern, setting up GRE or GIF tunnels using FreeBSD is quite straightforward. GRE is an established protocol that is also supported by different vendors. So if you are establishing a tunnel between a FreeBSD gateway and a Cisco or Juniper router, you can simply go with GRE.

If security is a concern, you can use the industry standard IPSec protocol between your FreeBSD gateway and other FreeBSD gateways or gateways from different vendors.

Setting up IPSec is also very straightforward, especially when setting up site-to-site IPSec tunnels. However, this may get more complex depending on your network architecture and specific needs.
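The tcpdump check described before the summary can be scripted. The following is an added example, not code from the book: it classifies `tcpdump -n` text output for packets exchanged between two tunnel endpoints. The peer addresses, the sample capture lines and the interface name em0 are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the book). Addresses are constructed, taken from
# the documentation ranges; em0 in the usage comment is an assumed interface.

# classify_capture PEER_A PEER_B: reads `tcpdump -n` text on stdin and prints
# encrypted | cleartext | mixed | no-traffic for packets between the two peers.
classify_capture() {
    awk -v a="$1" -v b="$2" '
        # tcpdump -n line layout: <time> IP <src> > <dst>: <summary...>
        $2 == "IP" && $4 == ">" {
            src = $3; dst = $5; sub(/:$/, "", dst)
            if (!((src == a && dst == b) || (src == b && dst == a))) next
            if ($6 ~ /^ESP\(spi=/) esp++                  # IPsec ESP payload
            else if ($6 == "ICMP" && $7 == "echo") icmp++ # readable ping
        }
        END {
            if (esp && icmp) print "mixed"
            else if (esp)    print "encrypted"
            else if (icmp)   print "cleartext"
            else             print "no-traffic"
        }'
}

# Constructed capture: what the receiving gateway shows when IPsec is active.
sample_esp() {
    cat <<'EOF'
12:00:01.000001 IP 192.0.2.1 > 198.51.100.1: ESP(spi=0x00001000,seq=0x1), length 116
12:00:01.000350 IP 198.51.100.1 > 192.0.2.1: ESP(spi=0x00001001,seq=0x1), length 116
EOF
}

# Constructed capture: the same ping when no security policy matched.
sample_clear() {
    cat <<'EOF'
12:00:01.000001 IP 192.0.2.1 > 198.51.100.1: ICMP echo request, id 4242, seq 0, length 64
12:00:01.000350 IP 198.51.100.1 > 192.0.2.1: ICMP echo reply, id 4242, seq 0, length 64
EOF
}

# Live use on the receiving host (run as root), while the peer sends pings:
#   tcpdump -n -c 20 -i em0 host 192.0.2.1 | classify_capture 192.0.2.1 198.51.100.1
sample_esp | classify_capture 192.0.2.1 198.51.100.1    # prints: encrypted
```

A verdict of "cleartext" or "mixed" means at least some pings between the peers bypassed the IPsec policy and crossed the network readable.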
