Date: Fri, 6 Sep 2002 13:32:35 -0600
From: Tillman Hodgson
To: Mike Tancsa
Cc: questions@FreeBSD.ORG
Subject: Re: IPSEC & routing w/o gif
Message-ID: <20020906133235.B15060@seekingfire.com>

On Fri, Sep 06, 2002 at 03:29:43PM -0400, Mike Tancsa wrote:
> At 01:26 PM 06/09/2002 -0600, Tillman Hodgson wrote:
> >And now I've got those four entries to show:
>
> I *think* when that happens, things are out of sync. The FreeBSD box has
> the old SA setup but the Linux end sees it go away. Then, it brings up a
> new one before the FreeBSD box flushes the old one. But you might want to
> post this to the KAME mailing list to confirm. Also, what are you using
> for exchange modes ? Aggressive, main or base ?

Oddly, it only works when there's 4 entries. When there's 2 or 0, I
can't get through. When the other end initiates, I get 4 and things work
for end for a while.

remote anonymous
{
        exchange_mode main;
        lifetime time 100 hours;
        proposal_check obey;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm md5;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}

sainfo anonymous
{
        pfs_group 2;
        lifetime time 100 hours;
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1,hmac_md5;
        compression_algorithm deflate ;
}

Is the kame mailing list the "snap-users" mailing list?

- Tillman

-- 
Feel free to contact me (flames about my english and the useless of this
driver will be redirected to /dev/null, oh no, it's full...).
(Michael Beck, describing the PC-speaker sound device)