From: Andrew Thomson
To: current@freebsd.org
Date: Wed, 21 Jan 2004 12:53:46 +1100
Message-Id: <1074650025.701.82.camel@itouch-1011.prv.au.itouchnet.net>
Subject: ipsec changes in 5.2R

I'm a little guilty as I upgraded my laptop from 5.0 to 5.2. So I'm
guessing things have changed a bit.

However I used to encrypt my wireless connection using IPSEC. Since the
upgrade, things no longer work. My firewall is a 4.9p1 host which is at
the other end of the IPSEC VPN and wireless link.

I previously used the following ipsec.conf to get things going (these
are from the firewall, obviously the reverse [out/in] is applied to my
laptop).

192.168.14.2[any] 0.0.0.0/0[any] any
        in ipsec
        esp/tunnel/192.168.14.2-192.168.14.1/require
        spid=5 seq=1 pid=1409 refcnt=1
0.0.0.0/0[any] 192.168.14.2[any] any
        out ipsec
        esp/tunnel/192.168.14.1-192.168.14.2/require
        spid=6 seq=0 pid=1409 refcnt=1

Now when I have those setkey entries enabled on my laptop, I can't even
ping my own host (192.168.14.2). Both tcpdump and
ipfw add 100 log ip from any to any show nothing on my wireless link..

Not sure why this has now stopped working..

Any clues?

ajt.
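
Added example, not part of the original message: a small Python parser for the policy dump format quoted above, plus a selector lookup that reports which policy a given packet falls under. The laptop-side dump is constructed here by swapping in/out and the tunnel endpoints as the message describes; `parse_spd` and `match_policy` are hypothetical names, and only selector matching is modelled, not what either FreeBSD release does once a policy matches.

```python
import ipaddress
import re

# Constructed laptop-side dump: the firewall policies quoted in the message
# with in/out and tunnel endpoints reversed. Not taken from the original page.
LAPTOP_DUMP = """\
192.168.14.2[any] 0.0.0.0/0[any] any
        out ipsec
        esp/tunnel/192.168.14.2-192.168.14.1/require
        spid=5 seq=1 pid=1409 refcnt=1
0.0.0.0/0[any] 192.168.14.2[any] any
        in ipsec
        esp/tunnel/192.168.14.1-192.168.14.2/require
        spid=6 seq=0 pid=1409 refcnt=1
"""

# Unindented selector line: src[port] dst[port] upper-layer-protocol
SELECTOR = re.compile(r"^(\S+?)\[(\w+)\]\s+(\S+?)\[(\w+)\]\s+(\S+)$")

def parse_spd(dump):
    """Parse dump text into a list of policy dicts (hypothetical helper)."""
    policies, cur = [], None
    for line in dump.splitlines():
        m = SELECTOR.match(line)
        if m:  # start of a new policy entry
            cur = {"src": ipaddress.ip_network(m.group(1), strict=False),
                   "dst": ipaddress.ip_network(m.group(3), strict=False),
                   "proto": m.group(5)}
            policies.append(cur)
        elif cur is not None:
            tok = line.split()
            if len(tok) == 2 and tok[0] in ("in", "out"):
                cur["dir"], cur["action"] = tok
            elif tok and tok[0].count("/") == 3:  # proto/mode/src-dst/level
                (cur["sa_proto"], cur["mode"],
                 cur["endpoints"], cur["level"]) = tok[0].split("/")
    return policies

def match_policy(policies, direction, src, dst):
    """Return the first policy whose direction and selectors cover the packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:
        if p["dir"] == direction and s in p["src"] and d in p["dst"]:
            return p
    return None

if __name__ == "__main__":
    spd = parse_spd(LAPTOP_DUMP)
    for dst in ("192.168.14.1", "192.168.14.2", "10.0.0.5"):
        hit = match_policy(spd, "out", "192.168.14.2", dst)
        print(dst, "->", f'{hit["sa_proto"]}/{hit["mode"]}/{hit["level"]}' if hit else "no policy")
```

Because the destination selector is 0.0.0.0/0, the lookup returns the `require` policy for a packet from 192.168.14.2 to 192.168.14.2 as well as for off-host destinations.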