From owner-freebsd-stable Wed Nov 20 4:45:24 2002 Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5F2AF37B406 for ; Wed, 20 Nov 2002 04:45:22 -0800 (PST) Received: from gvr.gvr.org (gvr.gvr.org [212.61.40.17]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6E0F043E9E for ; Wed, 20 Nov 2002 04:45:18 -0800 (PST) (envelope-from guido@gvr.org) Received: by gvr.gvr.org (Postfix, from userid 657) id 0B1802A4; Wed, 20 Nov 2002 13:45:17 +0100 (CET) Date: Wed, 20 Nov 2002 13:45:16 +0100 From: Guido van Rooij To: Scott Ullrich Cc: 'Archie Cobbs' , David Kelly , "'greg.panula@dolaninformation.com'" , FreeBSD-stable@FreeBSD.ORG Subject: Re: IPsec/gif VPN tunnel packets on wrong NIC in ipfw? SOLUTION A ND QUESTIONS Message-ID: <20021120124516.GE47298@gvr.gvr.org> References: <2F6DCE1EFAB3BC418B5C324F13934C9601D23C76@exchange.corp.cre8.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <2F6DCE1EFAB3BC418B5C324F13934C9601D23C76@exchange.corp.cre8.com> Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, Nov 19, 2002 at 11:41:49PM -0500, Scott Ullrich wrote: > I thought it was going to work after Guido pointed out that I was using > tunnel mode vs. transport. I changed it over to transport and could not get > it to work under any conditions. I tried gif rules, internal network rules > before and after the divert and many other methods including using a allow > all from any to any ruleset and could not get this to work so I am reverting > back. I am honestly lost at this point and need to do the tcpdumps that > david has done to see what is going wrong. I am almost positive you are doing something wrong. Please repost the things I asked for, i.e. 1) ifconfig of physical and gif devices 2) setkey -DP 3) ipfw config -Guido To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message