Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 17 May 2002 10:06:12 +0200
From:      Barry Irwin <bvi@itouchlabs.com>
To:        Chih-Chang Hsieh <cch@cc.kmu.edu.tw>
Cc:        Archie Cobbs <archie@dellroad.org>, freebsd-net@FreeBSD.ORG
Subject:   Re: A question about racoon with multi-homed IPSec box
Message-ID:  <20020517100612.G17719@itouchlabs.com>
In-Reply-To: <3CE499A3.8030807@cc.kmu.edu.tw>; from cch@cc.kmu.edu.tw on Fri, May 17, 2002 at 01:48:19PM %2B0800
References:  <200205170515.g4H5Fqe36428@arch20m.dellroad.org> <3CE499A3.8030807@cc.kmu.edu.tw>
next in thread | previous in thread | raw e-mail | index | archive | help 

On Fri 2002-05-17 (13:48), Chih-Chang Hsieh wrote:
> Archie Cobbs wrote:
> > Chih-Chang Hsieh writes:
> > 
> >>Could someone tell us how to assign a local address for
> >>racoon to bind? Because the 3-IP box's outgoing interface
> >>is assigned by a private IP which connects to a router.
> >>But we want racoon to bind the public IP.
> > 
> > man racoon.conf...
> > 
> >     listen
> >     {
> > 	isakmp x.x.x.x;	<-- your ip address goes here
> >     }
> 
> Sorry, I forgot to say that we had tried this.
> 
> But it not works. :( We are using racoon-20020507a.
> 
> Anyway, thank you very much.

I am running this on a number of my production firewalls and in cases where
I ahev specifically bound and IP for Racoon to use it works.  In most Cases
I let it bind all interfaces - in which case the interface 'closest' to the
other system is used.  Where this doesnt work, and where I assume you are
having the problem si swhere you have two IP's bound to an interface and you
want racoon to use an IP that is not the primary bound address on the
interface.

racoon-20010322a    KAME racoon IKE daemon
racoon-20011215a    KAME racoon IKE daemon

Barry

--
Barry Irwin		bvi@itouchlabs.com			+27214875177
Systems Administrator: Networks And Security
Itouch Labs 		http://www.itouchlabs.com		South Africa


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020517100612.G17719>