Date:      Fri, 6 Sep 2002 13:32:35 -0600
From:      Tillman Hodgson <tillman@seekingfire.com>
To:        Mike Tancsa <mike@sentex.net>
Cc:        questions@FreeBSD.ORG
Subject:   Re: IPSEC & routing w/o gif
Message-ID:  <20020906133235.B15060@seekingfire.com>
In-Reply-To: <5.1.1.6.0.20020906152805.043a9fc8@marble.sentex.ca>; from mike@sentex.net on Fri, Sep 06, 2002 at 03:29:43PM -0400
References:  <20020905232857.C13151@seekingfire.com> <vq9gnu0qk29fjk0un4tne8vku57f33vmh2@4ax.com> <mailman.1031178127.4718.fquestions-l@lists.sentex.ca> <vq9gnu0qk29fjk0un4tne8vku57f33vmh2@4ax.com> <20020905225049.A13151@seekingfire.com> <5.1.0.14.0.20020906010034.03d89220@192.168.0.12> <20020905232857.C13151@seekingfire.com> <20020906132649.A15029@seekingfire.com> <5.1.1.6.0.20020906152805.043a9fc8@marble.sentex.ca>

On Fri, Sep 06, 2002 at 03:29:43PM -0400, Mike Tancsa wrote:
> At 01:26 PM 06/09/2002 -0600, Tillman Hodgson wrote:
> >And now I've got those four entries to show:
> 
> I *think* when that happens, things are out of sync.  The FreeBSD box has 
> the old SA setup but the Linux end sees it go away. Then, it brings up a 
> new one before the FreeBSD box flushes the old one.  But you might want to 
> post this to the KAME mailing list to confirm.  Also, what are you using 
> for exchange modes ? Aggressive, main or base ?

Oddly, it only works when there's 4 entries. When there's 2 or 0, I
can't get through. When the other end initiates, I get 4 and things work
for end for a while.

remote anonymous
{
        exchange_mode main;
        lifetime time 100 hours;
        proposal_check obey;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm md5;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}

sainfo anonymous
{
        pfs_group 2;
        lifetime time 100 hours;
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1,hmac_md5;
        compression_algorithm deflate ;
}

Is the kame mailing list the "snap-users" mailing list?

- Tillman

-- 
Feel free to contact me (flames about my english and the useless of this
driver will be redirected to /dev/null, oh no, it's full...).
(Michael Beck, describing the PC-speaker sound device)
