Date: Fri, 17 May 2002 10:06:12 +0200
From: Barry Irwin
To: Chih-Chang Hsieh
Cc: Archie Cobbs, freebsd-net@FreeBSD.ORG
Subject: Re: A question about racoon with multi-homed IPSec box
Message-ID: <20020517100612.G17719@itouchlabs.com>
References: <200205170515.g4H5Fqe36428@arch20m.dellroad.org> <3CE499A3.8030807@cc.kmu.edu.tw>
In-Reply-To: <3CE499A3.8030807@cc.kmu.edu.tw>; from cch@cc.kmu.edu.tw on Fri, May 17, 2002 at 01:48:19PM +0800

On Fri 2002-05-17 (13:48), Chih-Chang Hsieh wrote:
> Archie Cobbs wrote:
> > Chih-Chang Hsieh writes:
> >
> >> Could someone tell us how to assign a local address for
> >> racoon to bind? Because the 3-IP box's outgoing interface
> >> is assigned a private IP which connects to a router.
> >> But we want racoon to bind the public IP.
> >
> > man racoon.conf...
> >
> > listen
> > {
> >     isakmp x.x.x.x;    <-- your ip address goes here
> > }
>
> Sorry, I forgot to say that we had tried this.
> But it does not work. :( We are using racoon-20020507a.
>
> Anyway, thank you very much.

I am running this on a number of my production firewalls, and in cases where I have specifically bound an IP for racoon to use it works. In most cases I let it bind all interfaces, in which case the interface 'closest' to the other system is used. Where this doesn't work, and where I assume you are having the problem, is where you have two IPs bound to an interface and you want racoon to use an IP that is not the primary bound address on the interface.

racoon-20010322a KAME racoon IKE daemon
racoon-20011215a KAME racoon IKE daemon

Barry

-- 
Barry Irwin bvi@itouchlabs.com +27214875177
Systems Administrator: Networks And Security
Itouch Labs http://www.itouchlabs.com
South Africa
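Since the failure case Barry describes is an alias IP that racoon silently does not pick up, the useful check is what racoon actually bound rather than what racoon.conf says. The following is an added example, not from the thread: a POSIX sh check over FreeBSD `sockstat -4 -l` output that confirms UDP/500 is bound only to the intended public address; the sample output, the addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of FreeBSD `sockstat -4 -l` output (not captured from a
# real host); in practice feed the live command's output in. UDP/500 is ISAKMP.
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     racoon     312   6  udp4   203.0.113.10:500      *:*
root     racoon     312   7  udp4   10.0.0.2:500          *:*
root     sshd       211   4  tcp4   *:22                  *:*'

# Print the local addresses racoon has bound on UDP/500, one per line.
racoon_isakmp_addrs() {
    printf '%s\n' "$1" | awk '$2 == "racoon" && $5 == "udp4" && $6 ~ /:500$/ {
        sub(/:500$/, "", $6); print $6 }'
}

# Succeed only if racoon listens on UDP/500 at exactly the wanted address.
# A wildcard bind means the listen{} block was not applied; an extra address
# (e.g. the private router-facing one) means IKE may still leave from the
# wrong source. strict_address in racoon.conf(5) requires every listed
# isakmp address to bind, so a bad alias shows up at startup instead.
isakmp_bound_only_to() {
    want="$2"
    addrs=$(racoon_isakmp_addrs "$1")
    [ -n "$addrs" ] || { echo "fail: racoon is not listening on UDP/500"; return 1; }
    found=0; extra=0
    # Read line by line rather than word-splitting, so a bare "*" is not globbed.
    while read -r a; do
        case "$a" in
            "$want") echo "ok: isakmp bound to $a"; found=1 ;;
            '*')     echo "fail: isakmp bound to the wildcard address"; return 1 ;;
            *)       echo "warn: isakmp also bound to $a"; extra=1 ;;
        esac
    done <<EOF
$addrs
EOF
    [ "$found" -eq 1 ] || echo "fail: $want is not bound"
    [ "$found" -eq 1 ] && [ "$extra" -eq 0 ]
}

# With the sample, 10.0.0.2 is also bound, so the check warns and fails.
isakmp_bound_only_to "$SAMPLE_SOCKSTAT" 203.0.113.10 || echo "check failed"
```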