From: Göran Löwkrantz
To: "Andrey V. Elsukov", freebsd-net@freebsd.org
Cc: Martin Palm
Date: Fri, 12 Dec 2014 13:53:46 +0100
Subject: Re: [MASSMAIL]Re: IPSec and StrongSWAN result in wrong forward
List-Id: Networking and TCP/IP with FreeBSD

--On 12 Dec 2014 14:48:51 +0300 "Andrey V. Elsukov" wrote:

> On 12.12.2014 14:13, Göran Löwkrantz wrote:
>> Host: 10.1-STABLE FreeBSD 10.1-STABLE #0 r275046
>> Sw: strongswan-5.2.0_1
>>
>> Putting up an ESP tunnel between 192.168.2.0/24 and 192.168.40.8/29 over
>> endpoints X and W. The outgoing traffic is passed through a DMZ and
>> exists on my side through a firewall with inner address Y and outer
>> address U.
>
> Do you use gif(4) to create tunnels?

No, just declare them in StrongSWAN config file ipsec.conf.

/glz