Date: Wed, 31 Jul 2002 00:13:17 -0500
From: "Matthew Grooms" <mgrooms@seton.org>
To: <freebsd-questions@FreeBSD.ORG>
Subject: Re: vpn1/fw1 NG to ipsec/racoon troubles, help please ...
Message-ID: <sd472ba9.023@aus-gwia.aus.dcnhs.org>

>>> crist.clark@attbi.com 07/30/02 02:51 AM >>>
> [Please, -questions or -security, but not both.]

Sorry about that, I wasn't sure where to send it to. I will be more selective in the future.

> I've never figured out why people use gif(4) interfaces when ESP does
> the tunneling for you.

Right, I just assumed the gif tunnel device was necessary for esp/tunnel mode. If you look at all the how-to's out there, it is pretty much a given in all the examples. I stopped using it after I realized checkpoint didn't even know what ipencap was.

> The output from running racoon(8) with the '-d' option would be much
> more useful.

It turned out to be a bad entry in a route table on the private interface on the vpn1 box. Checkpoint's log viewer had a pretty creative interpretation of what traffic was being encrypted/passed and what wasn't. I am actually posting this msg via the ipsec tunnel from my house. Woohoo!

Thanks for all the suggestions everyone. I am happy to say that freebsd has once again met all my expectations and more!

-Matthew

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message