From: "Amin Abdul"
To: freebsd-questions@freebsd.org
Cc: freebsd-bugs@freebsd.org
Date: Wed, 26 Nov 2003 01:24:24 +0000
Subject: VPN(touch-ID)/gif0/Dynamic Routing Issue [freeBSD 4.8 Release]

Hello,

I have a few questions regarding dynamic routing (i.e. routed) and the gif0 interface.

Questions:

1. Is there any incompatibility or known bug if we use routed and the gif0 interface together? (I am using FreeBSD 4.8 Release.)
2. If there is no known bug, has anyone tested the above-mentioned combination (routed and gif0 interface)?
3. Is there any FreeBSD document which describes how to configure gif0 and routed together?

Details:

I went through the following documents:

http://www.freebsd.org/handbook/ipsec.html
http://asherah.dyndns.org/~josh/ipsec-howto.txt

and followed the following steps:

1. I am using the www.freebsd.org/handbook/ipsec.html diagram as my reference network.
2. Configured the gif0 interface; it works fine (tested by ping and tcpdump).
3. Configured IPSec in Transport mode (since I am interested in forwarding dynamic routing information over a point-2-point VPN) using the draft-touch-ipsec-vpn approach, i.e.:

   IPSec policy

   On Network 1:
     spdadd A.B.C.D W.X.Y.Z any -P out ipsec esp/transport//use;
     spdadd W.X.Y.Z A.B.C.D any -P in ipsec esp/transport//use;

   On Network 2:
     spdadd W.X.Y.Z A.B.C.D any -P out ipsec esp/transport//use;
     spdadd A.B.C.D W.X.Y.Z any -P in ipsec esp/transport//use;

   It works fine (ping and tcpdump).
3. Now I start "routed" with the "-s" option. I never saw any routing information flow through the VPN (tcpdump). But I saw some ERROR message (IP_ADD_MEMBERSHIP RIP) during system REBOOT.
4. So I disabled IPSec and tried again, but I still saw no routing information over the VPN (tcpdump). But I saw some ERROR message (IP_ADD_MEMBERSHIP RIP) during system REBOOT.
5. So I disabled the gif0 interface as well, and I saw the RIP packets exchanged between the two FreeBSD machines.

Summary:

1. routed works fine without the gif0 interface.
2. VPN works fine without routed.

Thanks,
Amin
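
Added example, not part of the original message: a small checker that parses the two `spdadd` policy sets quoted in the message, confirms each endpoint's policy is mirrored on the peer, and flags the `use` level, which per setkey(8) applies an SA only if one exists. The names `Policy`, `parse` and `audit` are hypothetical, and the regular expression assumes only the statement form shown in the message.

```python
import re
from typing import NamedTuple

class Policy(NamedTuple):
    src: str
    dst: str
    upper: str
    direction: str
    proto: str
    mode: str
    level: str

# One setkey(8) "spdadd" statement of the form used in the message.
SPDADD = re.compile(
    r"spdadd\s+(\S+)\s+(\S+)\s+(\S+)\s+-P\s+(in|out)\s+ipsec\s+"
    r"(esp|ah|ipcomp)/(transport|tunnel)/([^/\s]*)/(default|use|require|unique)\s*;")

def parse(text):
    return [Policy(m[1], m[2], m[3], m[4], m[5], m[6], m[8])
            for m in SPDADD.finditer(text)]

def audit(net1, net2):
    """Return findings for two endpoints' policy sets (empty list = clean)."""
    sides = {"Network 1": parse(net1), "Network 2": parse(net2)}
    findings = []
    for name, pols in sides.items():
        peer = [p for n, ps in sides.items() if n != name for p in ps]
        for p in pols:
            flow = f"{p.direction} {p.src}->{p.dst}"
            # "out" here must appear as "in" for the same flow on the peer.
            flipped = "in" if p.direction == "out" else "out"
            mirror = p._replace(direction=flipped)[:6]
            if not any(q[:6] == mirror for q in peer):
                findings.append(f"{name}: {flow} has no mirrored peer policy")
            # setkey(8): "use" applies an SA if one exists, else sends normally.
            if p.level == "use":
                findings.append(f"{name}: {flow} level 'use' allows cleartext without an SA")
    return findings

# The policies from the message; A.B.C.D / W.X.Y.Z are its own placeholders.
NET1 = """spdadd A.B.C.D W.X.Y.Z any -P out ipsec esp/transport//use;
spdadd W.X.Y.Z A.B.C.D any -P in ipsec esp/transport//use;"""
NET2 = """spdadd W.X.Y.Z A.B.C.D any -P out ipsec esp/transport//use;
spdadd A.B.C.D W.X.Y.Z any -P in ipsec esp/transport//use;"""

if __name__ == "__main__":
    for line in audit(NET1, NET2):
        print(line)
```

Run against the message's policies, it reports no mirroring problems and four `use`-level findings, one per policy line.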