Date: Tue, 16 Dec 2003 16:00:18 +0100 From: Regis.HANNA@fr.thalesgroup.com To: freebsd-net@freebsd.org Subject: Problems using ipsec transport mode with a gateway Message-ID: <E47AE55C6B9510418115F481D992699F0FDC7A@nodalcch.cch.tcfr.thales>
next in thread | raw e-mail | index | archive | help
Hello,
My network configuration is 2 subnets separated by a gateway :
|--------| 1.1.1.0/24 |-----------------| 2.1.1.0/24 |--------------|
| Host 1 |--------------| FreeBSD gateway |--------------| FreeBSD host |
|--------| |-----------------| |--------------|
1.1.1.4 1.1.1.1 2.1.1.1 2.1.1.4
non ciphered data ciphered data
I want to protect data between Host 1 and FreeBSD host, only in the
2.1.1.0/24 subnet by using ipsec in TRANSPORT mode. I choose transport mode
because of low overhead and higher performances.
I observe that data from Host 1 to FreeBSD host are ok but data from FreeBSD
host to Host 1 are STOPPED in the FreeBSD gateway. When I use ipsec in
tunnel mode it is always ok.
The FreeBSD gateway setkey configuration is :
add 2.1.1.1 2.1.1.4 esp 1000 -m transport -E rijndael-cbc
"PASSWORDPASSWORD";
add 2.1.1.4 2.1.1.1 esp 1001 -m transport -E rijndael-cbc
"PASSWORDPASSWORD";
spdadd 1.1.1.4 2.1.1.4 any -P out ipsec
esp/transport/2.1.1.1-2.1.1.4/require;
spdadd 2.1.1.4 1.1.1.4 any -P in ipsec
esp/transport/2.1.1.4-2.1.1.1/require;
The FreeBSD host setkey configuration is :
add 2.1.1.1 2.1.1.4 esp 1000 -m transport -E rijndael-cbc
"PASSWORDPASSWORD";
add 2.1.1.4 2.1.1.1 esp 1001 -m transport -E rijndael-cbc
"PASSWORDPASSWORD";
spdadd 1.1.1.4 2.1.1.4 any -P in ipsec
esp/transport/2.1.1.1-2.1.1.4/require;
spdadd 2.1.1.4 1.1.1.4 any -P out ipsec
esp/transport/2.1.1.4-2.1.1.1/require;
I use FreeBSD 5.1.
Thank you in advance,
Regis Hanna.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E47AE55C6B9510418115F481D992699F0FDC7A>