Date: Tue, 30 Jul 2002 00:48:13 -0700
From: "Crist J. Clark" <crist.clark@attbi.com>
To: Matthew Grooms <mgrooms@seton.org>
Cc: dlavigne6@cogeco.ca, freebsd-questions@FreeBSD.ORG
Subject: Re: vpn1/fw1 NG to ipsec/racoon troubles, help please ...
Message-ID: <20020730074813.GF89241@blossom.cjclark.org>
In-Reply-To: <sd455602.090@aus-gwia.aus.dcnhs.org>
References: <sd455602.090@aus-gwia.aus.dcnhs.org>

[Please, -questions or -security, but not both.]

On Mon, Jul 29, 2002 at 02:49:22PM -0500, Matthew Grooms wrote:
> Ok, I'm a moron. I was trying to use the gif driver when I shouldn't
> have.

I've never figured out why people use gif(4) interfaces when ESP does
the tunneling for you.

[snip]

> When the connection is initiated from the bsd side, traffic passes
> through the vpn1 box, enencrypted and routed to the remote host without
> a problem. Unfortunately, the response from the remote host gets caught
> up on the return trip. I am guessing this is because the bsd and vpn1
> box agree on an outbound ( from the bsd box's perspective ) proposal but
> cannot agree on an inbound proposal. The checkpoint error logs say
> 'encryption failure : no response from peer'. However, here is some
> tcpdump output that shows bi-directional communications. I'm not sure how
> to interpret this. Any ideas anyone?
>
> tcpdump: listening on eth0

The output from running racoon(8) with the '-d' option would be much
more useful.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message