From: jhall@socket.net
To: freebsd-net@freebsd.org
Date: Sat, 21 May 2011 21:15:20 -0500
Subject: IPSec Routing

I posted a similar question to the FreeBSD questions forum earlier, but the answer I received has only confused me more. So, I am asking a similar question here. Please excuse me if this is considered a cross post.

I am using IPSec in transport mode to connect to a vendor's router. The connection is established and I am able to see the tunnels are established in racoon by the "IPsec-SA established: ESP/Tunnel" messages. And, my vendor has confirmed the connection is up on their end.

What I am not understanding is how to add routes correctly when using transport mode. I have added the proper incoming/outgoing information using setkey. When I display the information using setkey -DP, the routes appear correct.

I have defined one outbound route for the local private network to the remote private network and vice versa. When I try to ping the remote network, I do not receive any responses. Running a traceroute, I see the packet bounced back and forth between the external interface and the loopback adapter on my FBSD box.

I am connecting to a Juniper router running the JUNOS operating system. This is the first time I have connected two networks together using transport mode as opposed to tunnel mode and I am really confused as to what I should be doing. The handbook information seems to deal only with tunnel mode.

Thanks for your help.

Jay
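An added illustration of the two policy shapes the message contrasts, written as a setkey(8) SPD fragment; this is not from the original post or the poster's configuration, and the gateway and LAN addresses (203.0.113.10, 198.51.100.20, 192.168.10.0/24, 172.16.5.0/24) are constructed placeholders.

```conf
# Added example, not the poster's setkey.conf. Addresses are constructed:
#   local gateway  203.0.113.10   local LAN  192.168.10.0/24
#   remote gateway 198.51.100.20  remote LAN 172.16.5.0/24
# SAs are negotiated by racoon, so only the SPD is written here.
spdflush;

# Transport mode: the SA endpoints must be the packet's own source and
# destination, so a transport policy can only match traffic that originates
# on and terminates at the two gateways themselves. Packets forwarded from
# a LAN host carry the LAN host's address and never match these selectors.
spdadd 203.0.113.10 198.51.100.20 any -P out ipsec esp/transport//require;
spdadd 198.51.100.20 203.0.113.10 any -P in  ipsec esp/transport//require;

# Tunnel mode: selectors name the two LANs, and the gateway pair after
# "esp/tunnel/" becomes the outer header. Forwarded LAN-to-LAN packets match
# here and are encapsulated; no route via a loopback or gif interface is
# needed for the matching to occur.
spdadd 192.168.10.0/24 172.16.5.0/24 any -P out ipsec esp/tunnel/203.0.113.10-198.51.100.20/require;
spdadd 172.16.5.0/24 192.168.10.0/24 any -P in  ipsec esp/tunnel/198.51.100.20-203.0.113.10/require;

# Check what the kernel actually holds (mode, direction, selectors) with:
#   setkey -DP    (policies)      setkey -D    (negotiated SAs)
```

If the LAN-to-LAN traffic must ride a transport-mode SA, it first has to be encapsulated so that its outer addresses are the two gateways (for example a gif(4) tunnel between them), and the transport policy is then written for the gateway pair as in the first block.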