Date: Tue, 19 Feb 2002 13:56:26 -0000
From: "James Green" <james@stealthnet.co.uk>
To: <freebsd-questions@freebsd.org>
Subject: IPsec with fbsd4.5, WinXP on local net plus remote box, help :-)
Message-ID: <IGEPIJPNHPMGCANGLCBHIEAICCAA.james@stealthnet.co.uk>
Hi all,

I'm sure this must all be documented but the most useful resource I've come across has lacked the detail specific to our setup (http://www.daemonnews.org/200101/ipsec-howto.html).

We have a remote FBSD4.5 box on a static IP. This is not a problem. We should be able to run racoon on it fine.

We locally have a WinXP network behind an ISDN router. This connection has two ISPs and gets allocated a dynamic IP from both (whichever we are currently connected to). The local machines get given their IPs based on DHCP. I'm on 192.168.1.6 right now.

On the local network I have set up a FBSD4.5 dev box with racoon. I've compiled in IPsec support. I've configured IPSec support on my XP machine as best I can tell, but I don't seem to be connecting to the local dev box over it. At least, I don't think so.

On starting racoon on the local dev box I get this:

2002-02-19 13:53:20: DEBUG: grabmyaddr.c:205:grab_myaddrs(): my interface: 192.168.0.8 (sis0)
2002-02-19 13:53:20: DEBUG: grabmyaddr.c:205:grab_myaddrs(): my interface: ::1 (lo0)
2002-02-19 13:53:20: DEBUG: grabmyaddr.c:205:grab_myaddrs(): my interface: fe80::1 (lo0)
2002-02-19 13:53:20: DEBUG: grabmyaddr.c:205:grab_myaddrs(): my interface: 127.0.0.1 (lo0)
2002-02-19 13:53:20: DEBUG: grabmyaddr.c:472:autoconf_myaddrsport(): configuring default isakmp port.
2002-02-19 13:53:20: DEBUG: grabmyaddr.c:494:autoconf_myaddrsport(): 5 addrs are configured successfully
2002-02-19 13:53:20: INFO: isakmp.c:1357:isakmp_open(): 127.0.0.1[500] used as isakmp port (fd=6)
2002-02-19 13:53:20: INFO: isakmp.c:1357:isakmp_open(): fe80::1[500] used as isakmp port (fd=7)
2002-02-19 13:53:20: INFO: isakmp.c:1357:isakmp_open(): ::1[500] used as isakmp port (fd=8)
2002-02-19 13:53:20: INFO: isakmp.c:1357:isakmp_open(): 192.168.0.8[500] used as isakmp port (fd=9)
2002-02-19 13:53:20: INFO: isakmp.c:1357:isakmp_open(): fe80::202:e3ff:fe20:38bb[500] used as isakmp port (fd=10)
2002-02-19 13:53:20: DEBUG: pfkey.c:192:pfkey_handler(): get pfkey X_SPDDUMP message
2002-02-19 13:53:20: DEBUG2: plog.c:193:plogdump(): 02120200 02000000 00000000 c8080000
2002-02-19 13:53:20: DEBUG: pfkey.c:207:pfkey_handler(): pfkey X_SPDDUMP failed: No such file or directory

I have no idea what file it is looking for. In /usr/local/etc/racoon/psk.txt I have a line 192.168.0.6 <mypasswd>.

Pinging from my XP box to the dev box gets me no response at all.

My questions:

1) What am I doing wrong? :-)

2) Since we're on dynamic IPs both for the Internet and local network, how can I configure both the local dev box and the remote box to accept connections from us? Primarily talking about psk.txt.

Any tips? URLs? Help :)

--
James Green
Developer
Stealthnet.co.uk

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
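An added example, not part of the original message and not racoon's own code: a small Python parser for the racoon debug format quoted above, which lists the ISAKMP listening sockets and any PF_KEY failures. The function name `summarize` and the result keys are assumptions chosen for this sketch; the sample lines are copied from the message.

```python
import ipaddress
import re

# Lines copied from the racoon output quoted in the message above.
SAMPLE_LOG = """\
2002-02-19 13:53:20: DEBUG: grabmyaddr.c:205:grab_myaddrs(): my interface: 192.168.0.8 (sis0)
2002-02-19 13:53:20: INFO: isakmp.c:1357:isakmp_open(): 127.0.0.1[500] used as isakmp port (fd=6)
2002-02-19 13:53:20: INFO: isakmp.c:1357:isakmp_open(): 192.168.0.8[500] used as isakmp port (fd=9)
2002-02-19 13:53:20: INFO: isakmp.c:1357:isakmp_open(): fe80::202:e3ff:fe20:38bb[500] used as isakmp port (fd=10)
2002-02-19 13:53:20: DEBUG: pfkey.c:192:pfkey_handler(): get pfkey X_SPDDUMP message
2002-02-19 13:53:20: DEBUG2: plog.c:193:plogdump(): 02120200 02000000 00000000 c8080000
2002-02-19 13:53:20: DEBUG: pfkey.c:207:pfkey_handler(): pfkey X_SPDDUMP failed: No such file or directory
"""

# racoon debug format: "<date> <time>: <LEVEL>: <file>:<line>:<func>(): <message>"
LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d: (?P<level>[A-Z]+\d?): "
                  r"(?P<src>[\w.]+:\d+:\w+)\(\): (?P<msg>.*)$")
LISTEN = re.compile(r"^(?P<addr>\S+)\[(?P<port>\d+)\] used as isakmp port")
PFKEY_FAIL = re.compile(r"^pfkey (?P<type>\S+) failed: (?P<err>.+)$")


def summarize(log_text):
    """Return ISAKMP listeners, the non-local ones, and PF_KEY failures."""
    listeners, non_local, pfkey_failures = [], [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or wrapped text, not a racoon log line
        msg = m.group("msg")
        if (hit := LISTEN.match(msg)):
            addr = ipaddress.ip_address(hit.group("addr"))
            listeners.append((str(addr), int(hit.group("port"))))
            # Loopback is host-only and fe80::/10 is link-only; what is left
            # are the addresses a peer keyed by IP in psk.txt would talk to.
            if not (addr.is_loopback or addr.is_link_local):
                non_local.append(str(addr))
        elif (hit := PFKEY_FAIL.match(msg)):
            # The text after "failed:" is strerror() of the errno returned on
            # the PF_KEY socket, so this is ENOENT from the kernel's policy
            # dump, not a path lookup on disk.
            pfkey_failures.append((hit.group("type"), hit.group("err")))
    return {"listeners": listeners, "non_local": non_local,
            "pfkey_failures": pfkey_failures}


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
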