From: Jonathan Belson
Date: Sun, 08 Sep 2002 11:20:14 +0100
To: freebsd-questions@freebsd.org
Subject: ipsec
Message-ID: <3D7B245E.4050105@witchspace.com>

Hiya

I have a laptop with a wireless link to my server, and I'm trying to beef up the security by using ipsec (transport mode) instead of wep. Getting the link itself to work was quite easy since there are several good tutorials covering the set up.

The problem I'm having is that with ipsec enabled on my server, none of my other non-ipsecing machines can talk to it any more. Do I need to explicitly tell it not to expect ipsec packets from other IPs?

Here is /etc/ipsec.conf on my server:

    flush;
    spdflush;
    spdadd 192.168.0.100/24 192.168.0.10/24 any -P out ipsec esp/transport/192.168.0.100-192.168.0.10/require;
    spdadd 192.168.0.10/24 192.168.0.100/24 any -P in ipsec esp/transport/192.168.0.10-192.168.0.100/require;

The server is 192.168.0.100, and the laptop is 192.168.0.10.

On a related note, how do I automatically enable wep for the wi interface? ifconfig allows you to specify a wep key, but I find I have to manually type 'wicontrol -e 1' after the card has been detected.

Cheers,

--Jon

http://www.witchspace.com
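
Added example, not part of the original post: a simplified Python model of how the selectors in the posted spdadd lines are matched, showing that a /24 selector covers every host on 192.168.0.0/24, so inbound traffic from the other machines also falls under the "require" policy. The hosts 192.168.0.20 and 192.168.0.30 and the /32 host-selector variant are assumptions made for illustration; this is not kernel or setkey code.

```python
import ipaddress

# The two policies exactly as posted (selectors use a /24 prefix).
PAGE_CONF = [
    "spdadd 192.168.0.100/24 192.168.0.10/24 any -P out ipsec "
    "esp/transport/192.168.0.100-192.168.0.10/require;",
    "spdadd 192.168.0.10/24 192.168.0.100/24 any -P in ipsec "
    "esp/transport/192.168.0.10-192.168.0.100/require;",
]
# Assumed variant for comparison: same policies with host (/32) selectors.
HOST_CONF = [line.replace("/24", "/32") for line in PAGE_CONF]

# Constructed host list: the laptop plus two hypothetical non-IPsec machines.
HOSTS = ["192.168.0.10", "192.168.0.20", "192.168.0.30"]


def parse_spdadd(line):
    """Parse 'spdadd SRC DST PROTO -P DIR ipsec REQUEST;' into a selector."""
    tok = line.rstrip(";").split()
    return {
        # strict=False: 192.168.0.100/24 denotes the prefix 192.168.0.0/24
        "src": ipaddress.ip_network(tok[1], strict=False),
        "dst": ipaddress.ip_network(tok[2], strict=False),
        "dir": tok[tok.index("-P") + 1],
        "require": tok[-1].endswith("/require"),
    }


def needs_ipsec(policies, direction, src, dst):
    """True if a packet src->dst in this direction hits a 'require' policy."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(
        p["dir"] == direction and p["require"] and s in p["src"] and d in p["dst"]
        for p in policies
    )


def affected(conf, hosts, server="192.168.0.100"):
    """Hosts whose inbound traffic to the server must arrive ESP-protected."""
    policies = [parse_spdadd(line) for line in conf]
    return [h for h in hosts if needs_ipsec(policies, "in", h, server)]


if __name__ == "__main__":
    print("posted /24 selectors :", affected(PAGE_CONF, HOSTS))
    print("host /32 selectors   :", affected(HOST_CONF, HOSTS))
```

With the posted /24 selectors every listed host is subject to the inbound "require" policy; with host selectors only the laptop is.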