Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 26 Feb 2004 11:11:34 -0000
From:      "Steve Greenshaw" <steve@softgreen.co.uk>
To:        "Helge Oldach" <helge.oldach@atosorigin.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: FreeBSD (Racoon) / Draytek Setup
Message-ID:  <002001c3fc59$4c40f440$76b753c2@ACM12601>
References:  <200402260740.IAA18872@galaxy.hbg.de.ao-srv.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Thanks. Works fine now when connecting from the Draytek ... getting a
'segmentation fault (cored dump)' from racoon when trying to initiate the
connection from the FreeBSD box, but some more fine tuning may be required.

Thanks again.

Steve.

----- Original Message ----- 
From: "Helge Oldach" <helge.oldach@atosorigin.com>
To: "Steve Greenshaw" <steve@softgreen.co.uk>
Cc: <freebsd-net@freebsd.org>
Sent: Thursday, February 26, 2004 7:40 AM
Subject: Re: FreeBSD (Racoon) / Draytek Setup


> Steve Greenshaw:
> >################
> >spdadd 192.168.32.0/24 192.168.1.0/24 ipencap -P out ipsec
> >esp/tunnel/AAA.AAA.AAA.AAA-BBB.BBB.BBB.BBB/require;
> >spdadd 192.168.1.0/24 192.168.32.0/24 ipencap -P in ipsec
> >esp/tunnel/BBB.BBB.BBB.BBB-AAA.AAA.AAA.AAA/require;
> >################
>
> Try using "any" instead of "ipencap". (AFAIK gif(4) implements "ipip"
> encapsulation ((protocol 94)) and not "ipip" ((protocol 4)). But this
> is just meaningless here as the gif interface just acts as a routing
> placeholder and doesn't actually transport traffic.)
>
> The other thing you might want to try is using "unique" instead of
> "require". This is necessary for ESP tunnel mode against Cisco boxes,
> and probably will catch your case as well.
>
> Maybe someone can explain the difference between these two? The manpage
> isn't really verbose...
>
> Regards,
> Helge
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002001c3fc59$4c40f440$76b753c2>