Date:      Tue, 27 May 2008 20:43:31 +0000 (UTC)
From:      "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To:        Tom Judge <tom@tomjudge.com>
Cc:        net@FreeBSD.org
Subject:   Re: ICMP Error transmission/response over IPSec tunnels
Message-ID:  <20080527204111.F65662@maildrop.int.zabbadoz.net>
In-Reply-To: <483C70A9.2060500@tomjudge.com>
References:  <483C51EE.7040700@tomjudge.com> <20080527201331.L65662@maildrop.int.zabbadoz.net> <483C70A9.2060500@tomjudge.com>

On Tue, 27 May 2008, Tom Judge wrote:

Hi,

> Yes we do indeed see a reply from node b.  It is good to hear that this is a 
> known issue.
>
> The IPSec configuration is a gif ipip tunnel that is then encrypted with 
> IPSec using esp in tunnel mode as per the ipsec vpn section in the handbook.

1) If you do not need the ipip tunnel because you need an interface
and "link state changes", only go with the IPsec tunnel mode.

2) If you need the gif tunnel on top and routing, use IPsec transport
mode.

(ignore the handbook, try to understand it;)

> Do you have any more information on the underlying source of the problem?  If 
> so it would help me find the problem.  I may set up a small test network to 
> find this problem this evening, time permitting.

a test network is not a problem. time is.


> PS.  Could you pm me a link to your RELENG_7 multi ip jail patches?

check the latest status report at... for the link:
http://www.freebsd.org/news/status/report-2008-01-2008-03.html#Multi-IPv4/v6/no-IP-jails

-- 
Bjoern A. Zeeb              Stop bit received. Insert coin for new game.
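
The two alternatives named in the reply above, written out as setkey(8) policy entries. This is an added example, not part of the original message or of the handbook. The gateway addresses 192.0.2.1 and 198.51.100.1 and the inner networks 10.0.1.0/24 and 10.0.2.0/24 are constructed, the file is the view from gateway A, and the SAs are assumed to be negotiated by an IKE daemon.

```conf
# /etc/ipsec.conf on gateway A (192.0.2.1); peer is gateway B (198.51.100.1).
# All addresses are constructed for illustration. Load ONE of the two
# options with: setkey -f /etc/ipsec.conf
flush;
spdflush;

# --- Option 1: IPsec tunnel mode only, no gif interface ------------------
# The policy selects on the inner networks and IPsec itself adds the
# outer IP header, so there is no second encapsulation layer.
spdadd 10.0.1.0/24 10.0.2.0/24 any -P out ipsec
    esp/tunnel/192.0.2.1-198.51.100.1/require;
spdadd 10.0.2.0/24 10.0.1.0/24 any -P in ipsec
    esp/tunnel/198.51.100.1-192.0.2.1/require;

# --- Option 2: gif tunnel for routing, protected by transport mode -------
# gif(4) performs the IP-in-IP encapsulation and gives you an interface
# to route over, configured outside this file, for example:
#   ifconfig gif0 create
#   ifconfig gif0 tunnel 192.0.2.1 198.51.100.1
#   ifconfig gif0 inet 10.0.1.1 10.0.2.1 netmask 255.255.255.255
# IPsec then only has to protect the already encapsulated packets
# (protocol ipencap) between the two gateway addresses, so transport
# mode is sufficient and no tunnel endpoints appear in the policy.
spdadd 192.0.2.1/32 198.51.100.1/32 ipencap -P out ipsec
    esp/transport//require;
spdadd 198.51.100.1/32 192.0.2.1/32 ipencap -P in ipsec
    esp/transport//require;

# --- The combination described in the quoted question --------------------
# gif encapsulation followed by ESP in tunnel mode on the same ipencap
# traffic. Shown commented out for comparison only.
# spdadd 192.0.2.1/32 198.51.100.1/32 ipencap -P out ipsec
#     esp/tunnel/192.0.2.1-198.51.100.1/require;
# spdadd 198.51.100.1/32 192.0.2.1/32 ipencap -P in ipsec
#     esp/tunnel/198.51.100.1-192.0.2.1/require;
```

After loading, `setkey -DP` lists the installed policies, which confirms which mode each selector is using.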


