Date:      Sun, 5 May 2019 00:33:42 +0300
From:      KOT MATPOCKuH <matpockuh@gmail.com>
To:        freebsd-stable@freebsd.org
Subject:   Re: route based ipsec
Message-ID:  <CALmdT0Xtg6pz7WoZsLBv1V2Q2jfwz89CgHYGgeMAGO%2Bi=tTuHQ@mail.gmail.com>
In-Reply-To: <20190504171822.GA27671@thismonkey.com>
References:  <mailman.11.1556971200.11143.freebsd-stable@freebsd.org> <20190504171822.GA27671@thismonkey.com>


Hello!

Sat, 4 May 2019 at 21:01, Scott Aitken <freebsd-lists-5@thismonkey.com>:

> > On 5/2/2019 4:16 PM, KOT MATPOCKuH wrote:
> > > 0.The ipsec-tools port currently does not have a maintainer (C) portmaster
> > > ... Is this solution really supported? Or should I switch to
> > > another IKE daemon?
>
> I've just started using IPSEC between a 12.0-RELEASE box, a 11.2-RELEASE-p9
> box and a Cisco IOS router.
>
What type of peers_identifier are you using?
I'm using asn1dn...
And today I got a coredump on the 3rd host in:
#0  0x000000000024717f in privsep_init ()

> I haven't seen any core dumps or crashes.  I run routing between these
> devices (using RIPv2 rather than OSPF) - in order to do this you need to
> create tunnels between the devices because encrypting routing protocols and
> things that use multicast is tricky.  I felt that the handbook example
> was lacking - it should have been encrypting the tunnel endpoints and NOT
> the LAN traffic on either side of the tunnel.
>
I used a point-to-multipoint topology and hardcoded the peers' IP addresses for
OSPF.
No multicast => no problems :)


> Anyway I built IPENCAP (aka IPinIP) tunnels using gif interfaces and
> configured racoon/ipsec-tools to build the SA/SADs using the tunnel
> endpoints and IP protocol 4 (IPENCAP).
>
I think my next step will be to try to use gre tunnels over ipsec with psk
authentication.

> If you want the configs let me know.
>
No, thank you! :)

-- 
MATPOCKuH
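
The arrangement described in the quoted text above (a gif tunnel whose outer packets, IP protocol 4 between the two tunnel endpoints, are what IPsec protects, rather than the LAN prefixes behind them), as an added example that is not either poster's configuration. The addresses are constructed documentation addresses, and transport mode, the gif0 name and the inner addresses are assumptions; racoon is assumed to negotiate the matching SAs.

```conf
# /etc/ipsec.conf on the local host, loaded with: setkey -f /etc/ipsec.conf
# Constructed addresses: local endpoint 192.0.2.1, remote endpoint 198.51.100.1.
#
# The gif tunnel is assumed to be created separately, for example:
#   ifconfig gif0 create
#   ifconfig gif0 tunnel 192.0.2.1 198.51.100.1
#   ifconfig gif0 inet 10.255.0.1 10.255.0.2 netmask 255.255.255.255

flush;
spdflush;

# Policy selectors are the tunnel endpoints and IP protocol 4 (ipencap) only.
# Anything routed into gif0 (unicast, multicast, routing protocol traffic)
# leaves the host as an endpoint-to-endpoint IPENCAP packet and so matches.
# Transport mode is an assumption here: gif already supplies the outer header.
spdadd 192.0.2.1/32 198.51.100.1/32 ipencap -P out ipsec esp/transport//require;
spdadd 198.51.100.1/32 192.0.2.1/32 ipencap -P in  ipsec esp/transport//require;

# The remote host uses the same two policies with the directions swapped.
```

With `require`, IPENCAP packets between the endpoints are dropped rather than sent in the clear when no SA exists, so a failed IKE negotiation shows up as a dead tunnel instead of unencrypted traffic.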

