Date:      Thu, 24 Nov 2005 14:57:55 +0900
From:      KAMADA Ken'ichi <kamada@nanohz.org>
To:        freebsd-net@freebsd.org
Subject:   Re: Strange problem with IPSEC, not entirely transparent.
Message-ID:  <20051124145755WM%kamada@nanohz.org>
In-Reply-To: <20051122215253.GM97528@gremlin.foo.is>
References:  <20051122215253.GM97528@gremlin.foo.is>

At Tue, 22 Nov 2005 21:52:53 +0000,
Baldur Gislason <baldur@foo.is> wrote:
> 
> Now, here's the problem. When I have spmd and iked running on both ends, and everything between
> the hosts goes by IPSEC, comms over the tunnel work fine but I cannot connect to any TCP ports
> on the 5.4 machine from the 4.10 machine.
> I can connect from the 5.4 machine to the 4.10 machine though.
> Both machines can ping each other, no problems there. And all comms that go through the gif0 tunnel
> work.

You mean that TCP outside the gif tunnel doesn't work only in one
direction?  If you set IPsec keys (and policies) manually, does it
work?


If manual keying works, then...

You mentioned spmd and iked, so I suspect you are using
racoon2 (!= racoon), right?
If so, please send racoon2.conf, SPD and SAD (output of "setkey -DP"
and "setkey -D"), iked's log, and other config if relevant (all on
both ends).  If they are too big, you can send them to me off-list.

# OTOH, if it is racoon you actually wanted to use, it's now contained
# in the security/ipsec-tools port.

At Tue, 22 Nov 2005 21:57:24 +0000,
Baldur Gislason <baldur@foo.is> wrote:
> 
> Adding:
> If I kill spmd on the 5.4 box, then all works fine but the comms are only encrypted in one direction.

Killing spmd causes removal of SPD entries generated by racoon2.

-- 
KAMADA Ken'ichi <kamada@nanohz.org> @racoon2 project
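The one-direction symptom discussed above (traffic encrypted out but not in, or vice versa) shows up in "setkey -DP" as a policy with no mirror entry. The script below is an added example, not part of this thread or of racoon2; it assumes the KAME-style "setkey -DP" dump format (an unindented "SRC[port] DST[port] PROTO" header line followed by an indented "in|out action" line) and runs on a constructed sample dump, reporting every policy whose counterpart in the opposite direction is missing.

```shell
#!/bin/sh
# Added diagnostic: list SPD entries from a "setkey -DP" dump that have no
# mirror policy (same pair with src/dst swapped and the opposite direction).
# Assumed format (KAME setkey): header "SRC[port] DST[port] PROTO", then an
# indented "in|out ipsec|discard|none" line, then indented detail lines.

# Constructed sample dump. The "out" policy 10.0.0.1 -> 10.0.0.2 has no
# matching "in" policy, so only one direction of that pair would be protected.
SAMPLE_SPD='10.0.0.1[any] 10.0.0.2[any] any
    out ipsec
    esp/transport//require
    spid=1 seq=1 pid=1234
    refcnt=1
10.0.0.9[any] 10.0.0.1[any] any
    in ipsec
    esp/transport//require
    spid=2 seq=0 pid=1234
    refcnt=1
10.0.0.1[any] 10.0.0.9[any] any
    out ipsec
    esp/transport//require
    spid=3 seq=2 pid=1234
    refcnt=1'

# Reads a dump on stdin; prints "DIR SRC DST" for each policy lacking a mirror.
unmirrored_policies() {
    awk '
    # Header line: not indented; first two fields are the selector endpoints.
    /^[^ \t]/ { src = $1; dst = $2; next }
    # Direction line: first field is in/out, second the action.
    /^[ \t]+(in|out) / {
        key = $1 " " src " " dst
        seen[key] = 1
        order[++n] = key
    }
    END {
        for (i = 1; i <= n; i++) {
            split(order[i], f, " ")
            mirror = (f[1] == "in" ? "out" : "in") " " f[3] " " f[2]
            if (!(mirror in seen)) print order[i]
        }
    }'
}

# Runs the check against the constructed sample; on a live host you would
# pipe the real dump instead: setkey -DP | unmirrored_policies
check_sample() {
    printf '%s\n' "$SAMPLE_SPD" | unmirrored_policies
}
```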