From: fbsd-mbox
Date: Mon, 07 Oct 2013 12:22:21 +0400
To: freebsd-net@freebsd.org
Subject: Fwd: Problem with IPSec setup
Message-ID: <52526F3D.2060404@mail.ru>
In-Reply-To: <524D99EB.5060508@mail.ru>
List-Id: Networking and TCP/IP with FreeBSD

Hi all,

forwarded from questions@ 'cause no reply received and obviously none expected.

Does anyone have a clue why the kernel always directs ESP packets via the default route (or default gateway in FIB 0), even if there are other FIBs with per-interface routes?

I'm stuck with the gateway, which is connected to 2 ISPs, and the necessity to configure IPSec tunnels on both external channels. Using setfib(8) I've managed to successfully establish an IKE session via both channels (using a separate instance of racoon for each channel), but the tunnel is just not working. Using IPFW's setfib option does not make any difference.

Is this a bug, or am I missing some point?