Date: Mon, 24 Jan 2005 16:54:27 -0500
From: Kris Maglione <bsdaemon@comcast.net>
To: freebsd-questions@freebsd.org
Subject: IPsec issue
Message-ID: <41F56E93.8050700@comcast.net>
I secure my wireless network with IPsec. The rules are generated with a
perl script (included below) with a rule for each IP in the range
192.168.1.3-192.168.1.254 (.2 is my AP). The key exchange is handled by
racoon and works without issue. I have "allow ip from any to any" as my
first ipfw rule when on this network. My firewall allows DHCP and ISAKMP
traffic unencrypted and allows only ESP traffic otherwise.

My problem is that certain websites tend not to work. I can look them up
and make a connection, but I get no incoming packets, although on
occasion they do work. Google is one such site. Also, it seems that
images don't always load for any site. Neither firewall is blocking the
traffic. When I make an OpenVPN link over the connection (it's easier
than disabling IPsec, since it's already set up for when I'm away from
home), the same websites work fine.

Any ideas? It just struck me that maybe parallel connections to the same
address are at the root of the issue, but I have no real evidence.
What more information would be useful?

Thanks.
Perl script that generates /etc/ipsec.conf:
#!/usr/bin/perl
# Generates /etc/ipsec.conf for setkey(8): one pair of tunnel-mode ESP
# policies for every client address in 192.168.1.3-192.168.1.254.
# 192.168.1.1 is the gateway (tunnel endpoint); 192.168.1.2 is the AP.
use strict;
use warnings;

my $fw = "192.168.1.1";

# Clear the SAD and the SPD before loading the new policies.
print "flush;\n", "spdflush;\n";

foreach (3..254) {
    my $ip = "192.168.1.$_";
    print "\n";
    # Outbound: packets from the client address must leave in an ESP
    # tunnel to the gateway.  Each spdadd statement must be on one line.
    print "spdadd $ip/32 0.0.0.0/0 any -P out ipsec esp/tunnel/$ip-$fw/require;\n";
    # Inbound: packets to the client address must arrive in an ESP tunnel
    # from the gateway.
    print "spdadd 0.0.0.0/0 $ip/32 any -P in ipsec esp/tunnel/$fw-$ip/require;\n";
}
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41F56E93.8050700>
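The generator in the post emits two tunnel-mode policies per client address. The Python below is an added example, not code from the original post or from FreeBSD: it produces the same spdadd lines, parses them back with a small regex-based parser for the tunnel-mode spdadd syntax the post uses, and checks that every client has exactly one `in` and one `out` policy whose tunnel endpoints mirror each other (client to gateway outbound, gateway to client inbound). The function and variable names are the example's own; the address range and gateway address follow the post.

```python
import re
from collections import defaultdict

# Gateway / tunnel endpoint and access point, as given in the post.
# The AP address is deliberately outside the generated range.
FW = "192.168.1.1"
AP = "192.168.1.2"


def spd_policies(fw=FW, first=3, last=254, prefix="192.168.1."):
    """One outbound and one inbound tunnel-mode ESP policy per client
    address, in the same form the Perl script prints."""
    lines = []
    for n in range(first, last + 1):
        ip = f"{prefix}{n}"
        lines.append(f"spdadd {ip}/32 0.0.0.0/0 any -P out ipsec "
                     f"esp/tunnel/{ip}-{fw}/require;")
        lines.append(f"spdadd 0.0.0.0/0 {ip}/32 any -P in ipsec "
                     f"esp/tunnel/{fw}-{ip}/require;")
    return lines


def ipsec_conf(fw=FW, **kwargs):
    """Full setkey(8) input: flush SAD and SPD, then load the policies."""
    return "flush;\nspdflush;\n" + "\n".join(spd_policies(fw, **kwargs)) + "\n"


# A tunnel-mode ESP spdadd line:
#   spdadd SRC DST UPPER -P in|out ipsec esp/tunnel/A-B/LEVEL;
SPDADD = re.compile(
    r"^spdadd\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<upper>\S+)\s+-P\s+(?P<dir>in|out)\s+"
    r"ipsec\s+esp/tunnel/(?P<tsrc>[\d.]+)-(?P<tdst>[\d.]+)/(?P<level>require|use|default)\s*;$"
)


def parse_spdadd(line):
    """Return the fields of a tunnel-mode ESP spdadd line as a dict."""
    m = SPDADD.match(line.strip())
    if m is None:
        raise ValueError(f"not a tunnel-mode spdadd line: {line!r}")
    return m.groupdict()


def check_policies(lines, fw=FW):
    """Return a list of problems (empty when the SPD is consistent).

    Every client must have exactly one 'out' and one 'in' policy; the
    'out' policy must tunnel client->gateway, the 'in' policy
    gateway->client."""
    problems = []
    seen = defaultdict(dict)
    for line in lines:
        if not line.startswith("spdadd"):
            continue  # flush;, spdflush; and blank lines
        p = parse_spdadd(line)
        client = (p["src"] if p["dir"] == "out" else p["dst"]).split("/")[0]
        if p["dir"] in seen[client]:
            problems.append(f"{client}: duplicate {p['dir']} policy")
        seen[client][p["dir"]] = p
        want = (client, fw) if p["dir"] == "out" else (fw, client)
        if (p["tsrc"], p["tdst"]) != want:
            problems.append(f"{client}: {p['dir']} policy tunnels "
                            f"{p['tsrc']}->{p['tdst']}, expected {want[0]}->{want[1]}")
    for client, dirs in seen.items():
        for d in ("out", "in"):
            if d not in dirs:
                problems.append(f"{client}: missing {d} policy")
    return problems


if __name__ == "__main__":
    conf = ipsec_conf()
    print(f"{len(conf.splitlines()) - 2} policy lines generated")
    print("problems:", check_policies(conf.splitlines()) or "none")
```

The check runs over the generated text (or over a saved /etc/ipsec.conf written in the same one-statement-per-line form), not over `setkey -DP` output, whose dump format is different. A policy that was hand-edited with swapped tunnel endpoints, or a client that lost one direction, shows up as a named problem rather than as silently one-way traffic.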
