From owner-freebsd-net@FreeBSD.ORG  Mon May 24 19:39:01 2004
Date: Tue, 25 May 2004 11:38:13 +0900
Message-ID: <y7vvfilz0x6.wl@ocean.jinmei.org>
From: JINMEI Tatuya / 神明達哉
	<jinmei@isl.rdc.toshiba.co.jp>
To: Muhammad Reza <reza@mra.co.id>
In-Reply-To: <40B15C50.2030201@mra.co.id>
References: <40B15C50.2030201@mra.co.id>
User-Agent: Wanderlust/2.10.1 (Watching The Wheels) Emacs/21.3 Mule/5.0
	(SAKAKI)
Organization: Research & Development Center, Toshiba Corp., Kawasaki, Japan.
MIME-Version: 1.0 (generated by SEMI 1.14.5 - "Awara-Onsen")
Content-Type: text/plain; charset=US-ASCII
cc: freebsd-net@freebsd.org
Subject: Re: vpn over ipsec question

>>>>> On Mon, 24 May 2004 09:22:08 +0700, 
>>>>> Muhammad Reza <reza@mra.co.id> said:

> I try to configure vpn over ipsec between two FreeBSD (4.10PRERELEASE
> and 5.1.p17) gateways.
> My guideline is from the FreeBSD handbook.
> Tunnelling works fine with the gifconfig command; I can ping each internal
> interface from both side gateways.
> The problem is when I try to secure the link with the setkey command
> (setkey -f /etc/ipsec.conf), I can no longer establish a connection
> between the internal interfaces (ping times out).
> Please help me regarding this problem.

Please provide more detailed information if you want to get useful
advice.  At least the content of ipsec.conf is necessary.  Perhaps it
contains "real" secret keys you want to hide.  If so, first try the
same configuration with temporary keys like "foobarbaz", and report
the problem again (if it happens) with the full details of ipsec.conf
and the temporary keys.

Another nit: you may also want to ask the question at
snap-users@kame.net if you still cannot get an answer here.

					JINMEI, Tatuya
					Communication Platform Lab.
					Corporate R&D Center, Toshiba Corp.
					jinmei@isl.rdc.toshiba.co.jp