Date: Wed, 15 Nov 2000 11:54:11 -0500
From: "James E. Quick" <jq@quick.com>
To: freebsd-net@freebsd.org
Subject: I need help with IPSEC
Message-ID: <200011151654.eAFGsCC24802@papoose.quick.com>
In-Reply-To: <5.0.0.25.0.20000923105128.02ee5840@mail.Go2France.com>
References: <5.0.0.25.0.20000923105128.02ee5840@mail.Go2France.com>

I am in desperate need of help with IPSEC.
I have a pair of firewalls configured with:
IPSEC
IPSEC_ESP
IPSEC_DEBUG
I started with an attempt using racoon, then backed off
to using manually added entries via skey.
I do not see anything in racoon output that looks like an
error.
The remote end of the gateway is a box running 4.1.1-STABLE.
It has a single public IP address via a cable modem with
172.16.1.x addresses behind it.
My endpoint is running 4.2-BETA and has an ISP provided /30
subnet externally, with my publicly routable Class C behind.
I note that when I try to reach any 172.16.1 address
with either form of IPSEC configured I get 'No route to host'
errors. This suggests that IPSEC is not encapsulating anything.
I would appreciate hearing from anyone who has set up esp
style tunnels between either 2 FreeBSDs or between FreeBSD and
anything else.
There must be something trivial that I am overlooking, because
I am not seeing anything that looks like an error.
We are both running ipfilt on our ends.
The remote site is also running simple ipnat configuration.
---
___ ___ | James E. Quick
/ / / | Quick & Associates NeXTMail O.K.
\_/ (_\/ | If only the HMO would cover my allergy to gravity.
) |
