From owner-freebsd-net@FreeBSD.ORG  Thu Mar 27 06:50:04 2008
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 648BD106566B
	for <freebsd-net@hub.freebsd.org>; Thu, 27 Mar 2008 06:50:04 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 54CBB8FC1D
	for <freebsd-net@hub.freebsd.org>; Thu, 27 Mar 2008 06:50:04 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m2R6o4Fx022651
	for <freebsd-net@freefall.freebsd.org>; Thu, 27 Mar 2008 06:50:04 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m2R6o48b022650;
	Thu, 27 Mar 2008 06:50:04 GMT (envelope-from gnats)
Date: Thu, 27 Mar 2008 06:50:04 GMT
Message-Id: <200803270650.m2R6o48b022650@freefall.freebsd.org>
To: freebsd-net@FreeBSD.org
From: "Alexander Efimov" <alephis@gmail.com>
Cc: 
Subject: Re: kern/122065: [gre] gre over ipsec not working
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Alexander Efimov <alephis@gmail.com>
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Mar 2008 06:50:04 -0000

The following reply was made to PR kern/122065; it has been noted by GNATS.

From: "Alexander Efimov" <alephis@gmail.com>
To: bug-followup@FreeBSD.org, alephis@gmail.com
Cc:  
Subject: Re: kern/122065: [gre] gre over ipsec not working
Date: Thu, 27 Mar 2008 12:17:43 +0600

 ------=_Part_19935_27991802.1206598664906
 Content-Type: text/plain; charset=ISO-8859-1
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline
 
 - policies on Windows
 
 the same to require ipsec on 192.168.250.0/24 both directions
 connection type: all network connectins
 with  "accept usecured communication, but always respond using ipsec" turned
 off
 certificate type of authentication
 
 - confirm with tcpdump that no packets are going out on the real
 interface?
 
 I've got only esp packets, currently can't make tcpdump work with -E
 
 - can you still see the packets on enc0?
 not sure I understand what you mean.
 
 - any possible firewall setups?
 no server and host currently resides in same lan
 
 ------=_Part_19935_27991802.1206598664906
 Content-Type: text/html; charset=ISO-8859-1
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline
 
 - policies on Windows<br><br>the same to require&nbsp;ipsec&nbsp;on&nbsp;<a href="http://192.168.250.0/24">192.168.250.0/24</a>&nbsp;both&nbsp;directions<br>connection type: all&nbsp;network&nbsp;connectins <br>with &nbsp;&quot;accept usecured communication, but always respond using ipsec&quot; turned off <br>
 certificate&nbsp;type&nbsp;of&nbsp;authentication&nbsp;<br><br>- confirm with tcpdump that no packets are going out on the real<br>interface?<br><br>I&#39;ve got only esp packets,&nbsp;currently&nbsp;can&#39;t&nbsp;make&nbsp;tcpdump&nbsp;work&nbsp;with&nbsp;-E&nbsp; <br><br>- can you still see the packets on enc0?<br>
 not sure I understand what you mean.<br><br>- any possible firewall setups?<br>no server and host currently resides&nbsp;in&nbsp;same&nbsp;lan&nbsp; <br>
 
 ------=_Part_19935_27991802.1206598664906--