Date:      Mon, 21 May 2001 12:45:06 -0500
From:      "David W. Chapman Jr." <dwcjr@inethouston.net>
To:        "Brandt Everett" <everett@bentonrea.com>, <freebsd-stable@FreeBSD.ORG>
Subject:   Re: ESP between two FreeBSD boxes
Message-ID:  <01f601c0e21d$c5b0c840$931576d8@inethouston.net>
References:  <003001c0e21c$149dee30$632807d8@prosser.bentonrea.org>

Yes, and to do that you have to allow all IP traffic between the two.  It
encrypts all the layers above layer 3, so it has no idea what protocol or
port you are trying to access; the firewall only sees layer 3 (IP) and has
to make its decision based on that and only that.

----- Original Message -----
From: "Brandt Everett" <everett@bentonrea.com>
To: "'David W. Chapman Jr.'" <dwcjr@inethouston.net>;
<freebsd-stable@FreeBSD.ORG>
Sent: Monday, May 21, 2001 12:32 PM
Subject: RE: ESP between two FreeBSD boxes


> Yeap, got that, but I'm not trying to set up a tunnel (got that part working).
> I just want encrypted payload between these two specific machines.
>
> Brandt Everett
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> phone:     1-800-398-1232 x 234
> webpage:      www.bentonrea.com
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>
>
> > -----Original Message-----
> > From: owner-freebsd-stable@FreeBSD.ORG
> > [mailto:owner-freebsd-stable@FreeBSD.ORG]On Behalf Of David W. Chapman
> > Jr.
> > Sent: Monday, May 21, 2001 10:23 AM
> > To: Brandt Everett; freebsd-stable@FreeBSD.ORG
> > Subject: Re: ESP between two FreeBSD boxes
> >
> >
> > Do you have a firewall set up?  If so you have to allow all IP
> > traffic from one to the other on both sides.
> >
> > i.e. allow all from 192.168.0.0/24 to 192.168.1.0/24
> > allow all from 192.168.1.0/24 to 192.168.0.0/24
> > ----- Original Message -----
> > From: "Brandt Everett" <everett@bentonrea.com>
> > To: <freebsd-stable@FreeBSD.ORG>
> > Sent: Monday, May 21, 2001 12:19 PM
> > Subject: ESP between two FreeBSD boxes
> >
> >
> > > I am trying to set up a simple encrypted communication between two
> > > machines, but whenever I set it up, communication stops between
> > > them.  Below are my setkey commands.  I am at a loss.  Can anyone help me out?
> > >
> > > Thanks
> > >
> > > Brandt Everett
> > >
> > > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> > > phone:     1-800-398-1232 x 234
> > > webpage:      www.bentonrea.com
> > > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> > >
> > >
> > >
> > > Machine A
> > > /usr/sbin/setkey -c << EOF
> > > # Policy: require ESP in transport mode for every packet to/from the peer
> > > spdadd ${boxcar} ${hercules} any -P out ipsec esp/transport/${boxcar}-${hercules}/require;
> > > spdadd ${hercules} ${boxcar} any -P in ipsec esp/transport/${hercules}-${boxcar}/require;
> > > # Manually keyed SAs, one per direction, each with its own SPI
> > > add ${boxcar} ${hercules} esp 12345 -E blowfish-cbc "somethingsecret";
> > > add ${hercules} ${boxcar} esp 12346 -E blowfish-cbc "somethingsecret";
> > > EOF
> > >
> > >
> > > Machine B
> > > /usr/sbin/setkey -c << EOF
> > > # Same policy, with in/out directions swapped for this end
> > > spdadd ${hercules} ${boxcar} any -P out ipsec esp/transport/${hercules}-${boxcar}/require;
> > > spdadd ${boxcar} ${hercules} any -P in ipsec esp/transport/${boxcar}-${hercules}/require;
> > > # SAs must match Machine A exactly (addresses, SPIs, cipher, key)
> > > add ${boxcar} ${hercules} esp 12345 -E blowfish-cbc "somethingsecret";
> > > add ${hercules} ${boxcar} esp 12346 -E blowfish-cbc "somethingsecret";
> > > EOF
> > >
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-stable" in the body of the message
> > >
> >
> >
> >
>
>
>


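The point made in this thread (once ESP transport mode is in place the firewall can no longer see ports, only IP addresses and protocol number) is illustrated by the following added example. It is not code from the thread or from FreeBSD; it hand-builds a plaintext TCP packet and the same packet after ESP encapsulation (no real encryption, the ESP payload is a placeholder byte string), then evaluates three ipfw-style rules against what a stateless packet filter can actually extract. Host addresses `192.168.0.10` / `192.168.1.10` and the port numbers are constructed; the /24 networks and SPI 12345 are the thread's own values.

```python
"""What a layer-3/4 packet filter sees before and after ESP transport mode."""
import ipaddress
import struct

ESP_PROTO = 50   # IANA protocol number for ESP
TCP_PROTO = 6


def build_ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header, no options; checksum left zero (not validated here)."""
    hdr = struct.pack("!BBHHHBBH4s4s",
                      0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr + payload


def build_tcp_stub(sport, dport):
    """Only the first four bytes of a TCP header (the ports) matter for this demo."""
    return struct.pack("!HH", sport, dport)


def build_esp(spi, seq, ciphertext):
    """ESP header (SPI, sequence number) followed by the opaque encrypted payload."""
    return struct.pack("!II", spi, seq) + ciphertext


def parse_ipv4(pkt):
    f = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (f[0] & 0x0F) * 4
    return {"src": str(ipaddress.IPv4Address(f[8])),
            "dst": str(ipaddress.IPv4Address(f[9])),
            "proto": f[6],
            "payload": pkt[ihl:]}


def firewall_view(pkt):
    """Everything a stateless packet filter can extract from the packet."""
    ip = parse_ipv4(pkt)
    view = {"src": ip["src"], "dst": ip["dst"], "proto": ip["proto"], "ports": None}
    if ip["proto"] == TCP_PROTO:
        view["ports"] = struct.unpack("!HH", ip["payload"][:4])
    elif ip["proto"] == ESP_PROTO:
        # SPI and sequence number are cleartext; the inner TCP header is not.
        view["spi"], view["seq"] = struct.unpack("!II", ip["payload"][:8])
    return view


def rule_allows(rule, view):
    """Evaluate one ipfw-style rule: proto is 'ip' (any), 'tcp' or 'esp'; dport optional."""
    if ipaddress.IPv4Address(view["src"]) not in ipaddress.IPv4Network(rule["src"]):
        return False
    if ipaddress.IPv4Address(view["dst"]) not in ipaddress.IPv4Network(rule["dst"]):
        return False
    wanted = {"ip": None, "tcp": TCP_PROTO, "esp": ESP_PROTO}[rule["proto"]]
    if wanted is not None and view["proto"] != wanted:
        return False
    if "dport" in rule:
        return view["ports"] is not None and view["ports"][1] == rule["dport"]
    return True


BOXCAR, HERCULES = "192.168.0.10", "192.168.1.10"   # constructed host addresses

# The same SSH segment, before and after ESP transport-mode encapsulation.
PLAIN = build_ipv4(BOXCAR, HERCULES, TCP_PROTO, build_tcp_stub(40000, 22))
ESP = build_ipv4(BOXCAR, HERCULES, ESP_PROTO,
                 build_esp(12345, 1, b"\x00" * 24))   # placeholder "ciphertext"

RULES = {
    "allow tcp to port 22": {"src": "192.168.0.0/24", "dst": "192.168.1.0/24",
                             "proto": "tcp", "dport": 22},
    "allow all ip A->B":    {"src": "192.168.0.0/24", "dst": "192.168.1.0/24",
                             "proto": "ip"},
    "allow esp A->B":       {"src": "192.168.0.0/24", "dst": "192.168.1.0/24",
                             "proto": "esp"},
}


def evaluate(pkt):
    """Which of the rules above would pass this packet."""
    view = firewall_view(pkt)
    return {name: rule_allows(rule, view) for name, rule in RULES.items()}


if __name__ == "__main__":
    for label, pkt in (("plaintext", PLAIN), ("esp", ESP)):
        print(label, firewall_view(pkt))
        print("    ", evaluate(pkt))
```

The port-based rule that passed the plaintext packet fails once ESP is applied, which is exactly the "communication stops" symptom. The "allow all ip" rule from the thread fixes it; so does the narrower "allow esp" rule, which is the better choice when only IPsec is expected between the two hosts, since the SPD on each end already refuses anything that is not ESP.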