From owner-freebsd-stable Mon May 21 10:45:11 2001
From: "David W. Chapman Jr." (envelope-from dwcjr@inethouston.net)
To: "Brandt Everett" ,
Subject: Re: ESP between two FreeBSD boxes
Date: Mon, 21 May 2001 12:45:06 -0500
Message-ID: <01f601c0e21d$c5b0c840$931576d8@inethouston.net>
References: <003001c0e21c$149dee30$632807d8@prosser.bentonrea.org>
Sender: owner-freebsd-stable@FreeBSD.ORG

Yes, and to do that you have to allow all IP traffic between the two. It encrypts all the layers above layer 3, so it has no idea what protocol or port you are trying to access; the firewall only sees layer 3 (IP) and has to make its decision based on that and only that.

----- Original Message -----
From: "Brandt Everett"
To: "'David W. Chapman Jr.'" ;
Sent: Monday, May 21, 2001 12:32 PM
Subject: RE: ESP between two FreeBSD boxes

> Yeap, got that, but I'm not trying to set up a tunnel (got that part working). I
> just want encrypted payload between these two specific machines.
>
> Brandt Everett
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> phone: 1-800-398-1232 x 234
> webpage: www.bentonrea.com
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>
> > -----Original Message-----
> > From: owner-freebsd-stable@FreeBSD.ORG
> > [mailto:owner-freebsd-stable@FreeBSD.ORG] On Behalf Of David W. Chapman Jr.
> > Sent: Monday, May 21, 2001 10:23 AM
> > To: Brandt Everett; freebsd-stable@FreeBSD.ORG
> > Subject: Re: ESP between two FreeBSD boxes
> >
> > Do you have a firewall set up? If so, you have to allow all IP traffic from
> > one to the other on both sides.
> >
> > i.e. allow all from 192.168.0.0/24 to 192.168.1.0/24
> >      allow all from 192.168.1.0/24 to 192.168.0.0/24
> >
> > ----- Original Message -----
> > From: "Brandt Everett"
> > To:
> > Sent: Monday, May 21, 2001 12:19 PM
> > Subject: ESP between two FreeBSD boxes
> >
> > > I am trying to set up a simple encrypted communication between two machines,
> > > but whenever I set it up, communication stops between them. Below are my
> > > setkey commands. I am at a loss. Can anyone help me out?
> > >
> > > Thanks
> > >
> > > Brandt Everett
> > >
> > > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> > > phone: 1-800-398-1232 x 234
> > > webpage: www.bentonrea.com
> > > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> > >
> > > Machine A
> > > /usr/sbin/setkey -c << EOF
> > > # boxcar and hercules are shell variables holding the two hosts' addresses
> > > spdadd ${boxcar} ${hercules} any -P out ipsec esp/transport/${boxcar}-${hercules}/require;
> > > spdadd ${hercules} ${boxcar} any -P in ipsec esp/transport/${hercules}-${boxcar}/require;
> > > add ${boxcar} ${hercules} esp 12345 -E blowfish-cbc "somethingsecret";
> > > add ${hercules} ${boxcar} esp 12346 -E blowfish-cbc "somethingsecret";
> > > EOF
> > >
> > > Machine B
> > > /usr/sbin/setkey -c << EOF
> > > spdadd ${hercules} ${boxcar} any -P out ipsec esp/transport/${hercules}-${boxcar}/require;
> > > spdadd ${boxcar} ${hercules} any -P in ipsec esp/transport/${boxcar}-${hercules}/require;
> > > add ${boxcar} ${hercules} esp 12345 -E blowfish-cbc "somethingsecret";
> > > add ${hercules} ${boxcar} esp 12346 -E blowfish-cbc "somethingsecret";
> > > EOF

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
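Added example, not part of the thread above: a POSIX shell script that produces matching setkey(8) input for both ends of an ESP transport-mode pair, and the ipfw rules to go with it. ESP is IP protocol 50, so the opening between the two hosts can be narrowed to protocol esp rather than all IP; with manual keying as in the thread there is no IKE, so nothing on UDP/500 needs to pass. Where the posted configuration hands setkey an ASCII string and uses encryption only, this script uses 0x-hex keys of the lengths setkey expects (128-bit blowfish-cbc, 160-bit hmac-sha1) and adds HMAC authentication, since ESP without it gives no integrity protection. The helper names check_hex_key, gen_hex_key, setkey_conf, peer_setkey_conf and ipfw_rules, and the addresses, SPIs and keys used, are this example's own constructions.

```shell
#!/bin/sh
# Added example, not from the thread: build matching setkey(8) input for two
# hosts in ESP transport mode, plus ipfw rules that admit only ESP between them.
# Helper names, addresses, SPIs and keys are this example's own constructions.

# Return 0 if $1 is a 0x-prefixed hex string of exactly $2 bits.
# setkey accepts keys as quoted ASCII or 0x-hex; hex leaves no doubt about
# how many bits were actually handed to the cipher or the MAC.
check_hex_key() {
    key=$1 bits=$2
    case $key in 0x*) ;; *) return 1 ;; esac
    hex=${key#0x}
    case $hex in *[!0-9a-fA-F]*) return 1 ;; esac
    [ $(( ${#hex} * 4 )) -eq "$bits" ]
}

# Print a fresh random key of $1 bits as 0x... (reads /dev/urandom).
gen_hex_key() {
    printf '0x%s' "$(head -c $(( $1 / 8 )) /dev/urandom | od -An -tx1 | tr -d ' \n')"
}

# setkey input for ONE side of the pair.
#   $1 local addr        $2 peer addr
#   $3 SPI local->peer   $4 SPI peer->local
#   $5 ESP key local->peer   $6 ESP key peer->local   (128-bit blowfish-cbc)
#   $7 HMAC key local->peer  $8 HMAC key peer->local  (160-bit hmac-sha1)
# An SA is identified by src/dst/SPI, not by which host installs it, so the
# two 'add' lines must be identical on both hosts; only the SPD (spdadd)
# direction flips. Returns 1 without printing if any key has the wrong length.
setkey_conf() {
    local_ip=$1 peer_ip=$2 spi_out=$3 spi_in=$4
    ekey_out=$5 ekey_in=$6 akey_out=$7 akey_in=$8
    check_hex_key "$ekey_out" 128 && check_hex_key "$ekey_in" 128 || return 1
    check_hex_key "$akey_out" 160 && check_hex_key "$akey_in" 160 || return 1
    cat <<EOF
# flush/spdflush clear ALL SAs and policies on this host; drop them if others are in use
flush;
spdflush;
spdadd $local_ip $peer_ip any -P out ipsec esp/transport/$local_ip-$peer_ip/require;
spdadd $peer_ip $local_ip any -P in ipsec esp/transport/$peer_ip-$local_ip/require;
add $local_ip $peer_ip esp $spi_out -E blowfish-cbc $ekey_out -A hmac-sha1 $akey_out;
add $peer_ip $local_ip esp $spi_in -E blowfish-cbc $ekey_in -A hmac-sha1 $akey_in;
EOF
}

# The peer's input is the same call with every local/peer pair swapped.
peer_setkey_conf() {
    setkey_conf "$2" "$1" "$4" "$3" "$6" "$5" "$8" "$7"
}

# ipfw rules for one host: ESP (IP protocol 50) in both directions and nothing
# else. Manual keying means no IKE, so no UDP/500 rule is required.
ipfw_rules() {
    printf 'ipfw add allow esp from %s to %s\n' "$1" "$2"
    printf 'ipfw add allow esp from %s to %s\n' "$2" "$1"
}

# Demo: ./ipsec-pair.sh A_ADDR B_ADDR prints both hosts' setkey input with
# fresh keys and the firewall rules for host A.
if [ $# -eq 2 ]; then
    ek1=$(gen_hex_key 128) ek2=$(gen_hex_key 128)
    ak1=$(gen_hex_key 160) ak2=$(gen_hex_key 160)
    echo "### setkey input for $1"
    setkey_conf "$1" "$2" 0x1000 0x1001 "$ek1" "$ek2" "$ak1" "$ak2"
    echo "### setkey input for $2"
    peer_setkey_conf "$1" "$2" 0x1000 0x1001 "$ek1" "$ek2" "$ak1" "$ak2"
    echo "### firewall rules for $1"
    ipfw_rules "$1" "$2"
fi
```

Feed each host its own block with `setkey -c`, then check the result with `setkey -D` (installed SAs) and `setkey -DP` (installed policies); `tcpdump -n esp` on either host should show the traffic leaving as protocol 50 with the expected SPI. If the firewall's counters or logs show drops of the inner protocol rather than of ESP, the filter on that kernel is seeing the packet before encapsulation as well, and the ESP-only rules above need the inner protocols added alongside them.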