From: "James Green"
Delivered-To: freebsd-questions@freebsd.org
Subject: IPsec with fbsd4.5, WinXP on local net plus remote box, help :-)
Date: Tue, 19 Feb 2002 13:56:26 -0000

Hi all

I'm sure this must all be documented but the most useful resource I've come across has lacked the detail specific to our setup (http://www.daemonnews.org/200101/ipsec-howto.html).

We have a remote FBSD4.5 box on a static IP. This is not a problem. We should be able to run racoon on it fine.

We locally have a WinXP network behind an ISDN router. This connection has two ISPs and gets allocated a dynamic IP from both (whichever we are currently connected to). The local machines get given their IPs based on DHCP. I'm on 192.168.1.6 right now.

On the local network I have set up a FBSD4.5 dev box with racoon. I've compiled in IPsec support.
I've configured IPSec support on my XP machine as best I can tell, but I don't seem to be connecting to the local dev box over it. At least, I don't think so.

On starting racoon on the local dev box I get this:

2002-02-19 13:53:20: DEBUG: grabmyaddr.c:205:grab_myaddrs(): my interface: 192.168.0.8 (sis0)
2002-02-19 13:53:20: DEBUG: grabmyaddr.c:205:grab_myaddrs(): my interface: ::1 (lo0)
2002-02-19 13:53:20: DEBUG: grabmyaddr.c:205:grab_myaddrs(): my interface: fe80::1 (lo0)
2002-02-19 13:53:20: DEBUG: grabmyaddr.c:205:grab_myaddrs(): my interface: 127.0.0.1 (lo0)
2002-02-19 13:53:20: DEBUG: grabmyaddr.c:472:autoconf_myaddrsport(): configuring default isakmp port.
2002-02-19 13:53:20: DEBUG: grabmyaddr.c:494:autoconf_myaddrsport(): 5 addrs are configured successfully
2002-02-19 13:53:20: INFO: isakmp.c:1357:isakmp_open(): 127.0.0.1[500] used as isakmp port (fd=6)
2002-02-19 13:53:20: INFO: isakmp.c:1357:isakmp_open(): fe80::1[500] used as isakmp port (fd=7)
2002-02-19 13:53:20: INFO: isakmp.c:1357:isakmp_open(): ::1[500] used as isakmp port (fd=8)
2002-02-19 13:53:20: INFO: isakmp.c:1357:isakmp_open(): 192.168.0.8[500] used as isakmp port (fd=9)
2002-02-19 13:53:20: INFO: isakmp.c:1357:isakmp_open(): fe80::202:e3ff:fe20:38bb[500] used as isakmp port (fd=10)
2002-02-19 13:53:20: DEBUG: pfkey.c:192:pfkey_handler(): get pfkey X_SPDDUMP message
2002-02-19 13:53:20: DEBUG2: plog.c:193:plogdump():
02120200 02000000 00000000 c8080000
2002-02-19 13:53:20: DEBUG: pfkey.c:207:pfkey_handler(): pfkey X_SPDDUMP failed: No such file or directory

I have no idea what file it is looking for.

In /usr/local/etc/racoon/psk.txt I have a line 192.168.0.6 .

Pinging from my XP box to the dev box gets me no response at all.

My questions:

1) what am I doing wrong? :-)
2) since we're on dynamic IPs both for the Internet and local network, how can I configure both the local dev box and the remote box to accept connections from us? Primarily talking about psk.txt.

Any tips? URLs?
Help :)

--
James Green
Developer
Stealthnet.co.uk