Date:      Mon, 5 Jan 2004 23:29:37 -0500 (EST)
From:      tomt@callcds.com
To:        freebsd-questions@freebsd.org
Subject:   IPENCAP issue
Message-ID:  <38463.12.217.87.137.1073363377.squirrel@mail.callcds.com>

The problem
I have 5 buildings that are connected via point-to-point wireless.  The
cost of dedicated lines within this town was so high that wireless was an
excellent option.  The wireless is in place and working; however, we are
going back to secure the wireless cloud so that it cannot be used by
unauthorized people.  The internet connection for all buildings is located
at Building A, so all machines need to route across the wireless to the
internet.

The solution
5 PCs running FreeBSD 5.1-RELEASE, each using 2 network cards and running
IP-ENCAP between nodes, with the tunnel being encrypted with IPsec, and
routing on each gateway that sends its traffic to the headend at Building A.

I have all this working except for this problem.
The problem
Certain websites are not accessible
sears.com
msnbc.com
microsoft.com
drudgereport.com

Other websites will work normally
freebsd.org
slashdot.org
ebay.com

What seems to be the problem
Each of the websites that I listed has round-robin DNS enabled and has
multiple A records for the website.

What I have done
Recompiled the kernel back to GENERIC with
options IPSEC
options IPSEC_ESP
options IPFIREWALL

Disabled IPsec in rc.conf:
ipsec_enable="NO"

Opened the IPFW rules wide open in rc.conf:
firewall_enable="YES"
firewall_type="OPEN"

Summary
I have slimmed this configuration back to 2 machines (Building A and
Building B).
Building A
External IP: 192.168.0.3/27
Internal IP: 10.114.252.1/22

Building B
External IP: 192.168.0.6/27
Internal IP: 10.114.96.1/20

Removed IPsec tunneling between the machines; now IP-ENCAP is the only thing
that travels between them.

Opened the IPFW ruleset on both machines to OPEN.


Does anyone have any suggestions?
Thanks
Tom
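For reference, here is the shape of the setup the post describes, written out as an added example by the editor: a gif(4) IP-ENCAP tunnel between Building A (192.168.0.3) and Building B (192.168.0.6), protected by transport-mode ESP on the outer addresses so that only the encapsulated traffic is encrypted, with IPFW left OPEN as in the post. This is not Tom's configuration. The NIC names, the FreeBSD 5.1-era rc.conf variable names (gif_interfaces / gifconfig_gif0), the SPI values and the keys are assumptions; the keys in particular are placeholders and must be replaced with fresh random values. Two files are shown, separated by comments.

```conf
# /etc/rc.conf on Building A (editor's example, not the poster's file).
# Building B mirrors it with the outer/inner addresses swapped.
gateway_enable="YES"

# Outer (wireless) and inner (LAN) interfaces; the NIC names are assumed.
ifconfig_fxp0="inet 192.168.0.3 netmask 255.255.255.224"   # 192.168.0.3/27
ifconfig_fxp1="inet 10.114.252.1 netmask 255.255.252.0"    # 10.114.252.1/22

# IP-ENCAP (IP protocol 4) tunnel: outer endpoints first, then the inner
# point-to-point addresses used for routing across the tunnel.
gif_interfaces="gif0"
gifconfig_gif0="192.168.0.3 192.168.0.6"
ifconfig_gif0="inet 10.114.252.1 10.114.96.1 netmask 255.255.255.255"

# Send Building B's LAN (10.114.96.0/20) through the tunnel.
static_routes="bldgb"
route_bldgb="-net 10.114.96.0/20 10.114.96.1"

# IPFW wide open while debugging; IPsec policy loaded from ipsec.conf.
firewall_enable="YES"
firewall_type="OPEN"
ipsec_enable="YES"
ipsec_file="/etc/ipsec.conf"

# /etc/ipsec.conf on Building A, in setkey(8) syntax.  ESP in transport mode
# between the outer addresses, applied only to IP-ENCAP (protocol 4, named
# "ipencap" in /etc/protocols), so the tunnel payload is encrypted while
# other traffic on the wireless cloud is left alone.
# SPIs and keys are PLACEHOLDERS.  Generate real keys with:
#   openssl rand -hex 16    (rijndael-cbc, 128-bit key)
#   openssl rand -hex 20    (hmac-sha1, 160-bit key)
flush;
spdflush;
add 192.168.0.3 192.168.0.6 esp 0x1001 -E rijndael-cbc 0x00112233445566778899aabbccddeeff -A hmac-sha1 0x00112233445566778899aabbccddeeff00112233;
add 192.168.0.6 192.168.0.3 esp 0x1002 -E rijndael-cbc 0xffeeddccbbaa99887766554433221100 -A hmac-sha1 0xffeeddccbbaa9988776655443322110033221100;
spdadd 192.168.0.3 192.168.0.6 ipencap -P out ipsec esp/transport//require;
spdadd 192.168.0.6 192.168.0.3 ipencap -P in  ipsec esp/transport//require;
```

Two checks worth making against a setup like this: `setkey -D` and `setkey -DP` on both ends should show matching SAs and policies (the same SPI and key must appear in the "add" line on both machines, with the direction reversed in the spdadd lines), and `ifconfig gif0` shows the tunnel MTU. Every IP-ENCAP packet carries an extra 20-byte outer IPv4 header, and ESP adds more, so inner packets close to 1500 bytes are either fragmented or, when the DF bit is set, answered with an ICMP "fragmentation needed" message that must reach the original sender; that is a general property of encapsulation, not a finding from the post.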



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?38463.12.217.87.137.1073363377.squirrel>