Date: Tue, 16 Dec 2003 16:00:18 +0100
From: Regis.HANNA@fr.thalesgroup.com
To: freebsd-net@freebsd.org
Subject: Problems using ipsec transport mode with a gateway
Message-ID: <E47AE55C6B9510418115F481D992699F0FDC7A@nodalcch.cch.tcfr.thales>
Hello,

My network configuration is 2 subnets separated by a gateway:

    |--------| 1.1.1.0/24 |-----------------| 2.1.1.0/24 |--------------|
    | Host 1 |------------| FreeBSD gateway |------------| FreeBSD host |
    |--------|            |-----------------|            |--------------|
     1.1.1.4          1.1.1.1           2.1.1.1            2.1.1.4
           non ciphered data                   ciphered data

I want to protect data between Host 1 and FreeBSD host, only in the 2.1.1.0/24 subnet, by using ipsec in TRANSPORT mode. I chose transport mode because of its low overhead and higher performance.

I observe that data from Host 1 to FreeBSD host are ok, but data from FreeBSD host to Host 1 are STOPPED in the FreeBSD gateway. When I use ipsec in tunnel mode it is always ok.

The FreeBSD gateway setkey configuration is:

    add 2.1.1.1 2.1.1.4 esp 1000 -m transport -E rijndael-cbc "PASSWORDPASSWORD";
    add 2.1.1.4 2.1.1.1 esp 1001 -m transport -E rijndael-cbc "PASSWORDPASSWORD";
    spdadd 1.1.1.4 2.1.1.4 any -P out ipsec esp/transport/2.1.1.1-2.1.1.4/require;
    spdadd 2.1.1.4 1.1.1.4 any -P in ipsec esp/transport/2.1.1.4-2.1.1.1/require;

The FreeBSD host setkey configuration is:

    add 2.1.1.1 2.1.1.4 esp 1000 -m transport -E rijndael-cbc "PASSWORDPASSWORD";
    add 2.1.1.4 2.1.1.1 esp 1001 -m transport -E rijndael-cbc "PASSWORDPASSWORD";
    spdadd 1.1.1.4 2.1.1.4 any -P in ipsec esp/transport/2.1.1.1-2.1.1.4/require;
    spdadd 2.1.1.4 1.1.1.4 any -P out ipsec esp/transport/2.1.1.4-2.1.1.1/require;

I use FreeBSD 5.1.

Thank you in advance,
Regis Hanna.
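A consistency check a practitioner would run over a setkey configuration like the one above, added here as an example (not code from the post or from FreeBSD). It parses the `add` and `spdadd` statements and flags a transport-mode policy whose SA endpoints are not the selector addresses themselves: a transport-mode SA protects traffic whose own IP header carries the SA endpoints, so a gateway address in the request only makes sense for tunnel mode. It also flags a policy whose referenced SA was never added. The regexes cover only the statement shapes used in this post; the input is the gateway configuration quoted above.

```python
import re
from typing import List, Set, Tuple

# Only the setkey(8) statement shapes that appear in the post are parsed.
SA_RE = re.compile(r'^add\s+(\S+)\s+(\S+)\s+(\w+)\s+(\d+)\s+-m\s+(\w+)')
SP_RE = re.compile(
    r'^spdadd\s+(\S+)\s+(\S+)\s+\S+\s+-P\s+(in|out)\s+ipsec\s+'
    r'(\w+)/(transport|tunnel)/(\S+?)-(\S+?)/(\w+)')

# The gateway configuration from the post, used as sample input.
GATEWAY_CONF = """
add 2.1.1.1 2.1.1.4 esp 1000 -m transport -E rijndael-cbc "PASSWORDPASSWORD";
add 2.1.1.4 2.1.1.1 esp 1001 -m transport -E rijndael-cbc "PASSWORDPASSWORD";
spdadd 1.1.1.4 2.1.1.4 any -P out ipsec esp/transport/2.1.1.1-2.1.1.4/require;
spdadd 2.1.1.4 1.1.1.4 any -P in ipsec esp/transport/2.1.1.4-2.1.1.1/require;
"""

def strip_mask(addr: str) -> str:
    """Drop a /prefix so 1.1.1.4/32 and 1.1.1.4 compare equal."""
    return addr.split('/')[0]

def lint_setkey(conf: str) -> List[str]:
    """Return one finding per policy that the configured SAs cannot serve."""
    sas: Set[Tuple[str, str, str, str]] = set()   # (src, dst, proto, mode)
    findings: List[str] = []
    for raw in conf.splitlines():
        line = raw.strip().rstrip(';')
        m = SA_RE.match(line)
        if m:
            src, dst, proto, _spi, mode = m.groups()
            sas.add((src, dst, proto, mode))
            continue
        m = SP_RE.match(line)
        if not m:
            continue
        sel_src, sel_dst, direction, proto, mode, sa_src, sa_dst, _lvl = m.groups()
        sel = (strip_mask(sel_src), strip_mask(sel_dst))
        # Transport mode inserts ESP behind the packet's own IP header, so the
        # SA endpoints must be the packet's addresses, not a gateway's.
        if mode == 'transport' and (sa_src, sa_dst) != sel:
            findings.append(
                f"{direction} policy {sel[0]}->{sel[1]}: transport-mode request "
                f"names SA {sa_src}-{sa_dst}, not the selector pair; use tunnel "
                f"mode for a gateway or make the endpoints match")
        if (sa_src, sa_dst, proto, mode) not in sas:
            findings.append(f"{direction} policy {sel[0]}->{sel[1]}: no 'add' "
                            f"SA for {proto}/{mode} {sa_src}-{sa_dst}")
    return findings

if __name__ == "__main__":
    for finding in lint_setkey(GATEWAY_CONF):
        print(finding)
```

Rewriting the same four statements with `tunnel` in place of `transport` yields no findings, matching the post's observation that tunnel mode works.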