From: Eric Anderson
Reply-To: anderson@centtech.com
Organization: Centaur Technology
Date: Thu, 24 Jan 2002 12:55:08 -0600
To: dr3node
Cc: freebsd-security@freebsd.org
Subject: Re: Can't set up an IPsec tunnel.

IPSEC won't work through masquerading boxes or NAT firewalls.

Eric

dr3node wrote:
>
> I've read everything I could find.
> That is the latest try:
>
> Remote host:
>
> ifconfig gif0 create tunnel 222.222.22.2 111.111.11.1
> ifconfig gif0 inet 222.222.22.2 192.168.0.1 netmask 0xffffff00
> setkey -FP
> setkey -F
>
> ipsec.conf:
> //
> spdadd 0.0.0.0/0 192.168.0.0/24 any -P out ipsec
>        esp/tunnel/222.222.22.2-111.111.11.1/require;
> spdadd 192.168.0.0/24 0.0.0.0/0 any -P in ipsec
>        esp/tunnel/111.111.11.1-222.222.22.2/require;
> //
>
> + racoon with the keys in /usr/local/etc/racoon/psk.txt
> setkey -f /etc/ipsec.conf
>
> Local gateway:
>
> ifconfig fxp0 111.111.11.1 netmask 0xffffffff alias
> ifconfig gif0 create tunnel 111.111.11.1 222.222.22.2
> ifconfig gif0 inet 192.168.0.1 222.222.22.2 netmask 0xffffff00
> setkey -FP
> setkey -F
>
> ipsec.conf:
> //
> spdadd 192.168.0.0/24 0.0.0.0/0 any -P out ipsec
>        esp/tunnel/111.111.11.1-222.222.22.2/require;
> spdadd 0.0.0.0/0 192.168.0.0/24 any -P in ipsec
>        esp/tunnel/222.222.22.2-111.111.11.1/require;
> //
>
> + racoon with the keys in /usr/local/etc/racoon/psk.txt
> setkey -f /etc/ipsec.conf
>
> and the connection on the gate drops down.
> The error is: /kernel: gif_output: recursively called too many times(2)
>
> I'm wondering what troubles, if any, are because of that RedHat gate with the
> masquerade or because of my stupidity.

-- 
------------------------------------------------------------------
Eric Anderson        anderson@centtech.com        Centaur Technology
If at first you don't succeed, sky diving is probably not for you.
------------------------------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
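A configuration sanity check, added here as an example and not part of the thread: it parses the gif and spdadd lines dr3node posted, verifies that the two gateways mirror each other, and flags a gif peer address that equals the outer tunnel destination, since ifconfig then installs the host route for that destination via gif0 and the encapsulated packet is routed back into the same interface. The host names, the parser and the 10.0.1.2 replacement address used in testing are constructed.

```python
import ipaddress
import re

# Constructed sample: the gif and setkey lines quoted in the thread, one string
# per gateway; the parser joins the spdadd continuation lines.
LOCAL = """
ifconfig gif0 create tunnel 111.111.11.1 222.222.22.2
ifconfig gif0 inet 192.168.0.1 222.222.22.2 netmask 0xffffff00
spdadd 192.168.0.0/24 0.0.0.0/0 any -P out ipsec
    esp/tunnel/111.111.11.1-222.222.22.2/require;
spdadd 0.0.0.0/0 192.168.0.0/24 any -P in ipsec
    esp/tunnel/222.222.22.2-111.111.11.1/require;
"""
REMOTE = """
ifconfig gif0 create tunnel 222.222.22.2 111.111.11.1
ifconfig gif0 inet 222.222.22.2 192.168.0.1 netmask 0xffffff00
spdadd 0.0.0.0/0 192.168.0.0/24 any -P out ipsec
    esp/tunnel/222.222.22.2-111.111.11.1/require;
spdadd 192.168.0.0/24 0.0.0.0/0 any -P in ipsec
    esp/tunnel/111.111.11.1-222.222.22.2/require;
"""
TUN_RE = re.compile(r"ifconfig gif0 create tunnel (\S+) (\S+)")
INET_RE = re.compile(r"ifconfig gif0 inet (\S+) (\S+)")
SPD_RE = re.compile(r"spdadd (\S+) (\S+) \S+ -P (in|out) ipsec esp/tunnel/([\d.]+)-([\d.]+)/\w+")

def parse(text):
    """Return ((outer_src, outer_dst), (inner_local, inner_peer), [spd tuples])."""
    flat = " ".join(text.split())  # collapse whitespace, joining continuation lines
    tun = TUN_RE.search(flat).groups()
    inet = INET_RE.search(flat).groups()
    spd = [(ipaddress.ip_network(s), ipaddress.ip_network(d), direction, ts, td)
           for s, d, direction, ts, td in SPD_RE.findall(flat)]
    return tun, inet, spd

def check(local, remote):
    """Return a list of findings for the pair of gateway configurations."""
    findings = []
    for name, (tun, inet, _) in (("local", local), ("remote", remote)):
        # ifconfig installs a host route to the gif peer via gif0; if that peer is
        # also the outer tunnel destination, the IP-in-IP packet gif0 builds is
        # routed straight back into gif0 and gif_output() recurses.
        if inet[1] == tun[1]:
            findings.append(f"{name}: gif peer {inet[1]} is also the tunnel destination")
    if local[0] != remote[0][::-1]:
        findings.append("outer tunnel endpoints are not mirrored between the gateways")
    # An 'out' policy on one gateway must appear as an 'in' policy with the same
    # selector and endpoints on the other (setkey describes the packet as it flows).
    for name, mine, peer in (("local", local[2], remote[2]), ("remote", remote[2], local[2])):
        for s, d, direction, ts, td in mine:
            if direction == "out" and (s, d, "in", ts, td) not in peer:
                findings.append(f"{name}: out policy {s}->{d} has no matching in policy on the peer")
    return findings
```

On the posted configuration the SPD entries mirror correctly and the only finding is the local gateway's gif peer, which is the same address the kernel log complains about recursing towards.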