Date:      Tue, 22 Nov 2005 21:57:24 +0000
From:      Baldur Gislason <baldur@foo.is>
To:        freebsd-net@freebsd.org
Subject:   Re: Strange problem with IPSEC, not entirely transparent.
Message-ID:  <20051122215724.GN97528@gremlin.foo.is>
In-Reply-To: <20051122215253.GM97528@gremlin.foo.is>
References:  <20051122215253.GM97528@gremlin.foo.is>

Adding:
If I kill spmd on the 5.4 box, then all works fine but the comms are only encrypted in one direction.

Baldur

On Tue, Nov 22, 2005 at 09:52:53PM +0000, Baldur Gislason wrote:
> I recently set up IPSEC communications between two hosts I have in different places.
> One is FreeBSD 5.4-STABLE August 22. 2005. The other is 4.11-STABLE April 18th 2005.
> I run a gif tunnel between them and routes for networks found on both sides are negotiated
> by quagga using ospf.
> The internet IPs of the hosts are not listed as networks in ospfd.conf because that would
> break the tunnel.
> 
> Now, here's the problem. When I have spmd and iked running on both ends, and everything between
> the hosts goes by IPSEC, comms over the tunnel work fine but I cannot connect to any TCP ports
> on the 5.4 machine from the 4.10 machine.
> I can connect from the 5.4 machine to the 4.10 machine though.
> Both machines can ping each other, no problems there. And all comms that go through the gif0 tunnel
> work.
> 
> I tried flushing ipfw on both ends, no luck.
> Any ideas?
> 
> Baldur
> 