Date: Thu, 09 Nov 2000 22:43:12 +0000 From: Brian Somers <brian@Awfulhak.org> To: Julian Elischer <julian@elischer.org> Cc: Mike <mikey@kappaisle.com>, freebsd-questions@FreeBSD.ORG, freebsd-net@FreeBSD.ORG, brian@Awfulhak.org Subject: Re: VPN over PPPoE Message-ID: <200011092243.eA9MhCB00794@hak.lan.Awfulhak.org> In-Reply-To: Message from Julian Elischer <julian@elischer.org> of "Thu, 09 Nov 2000 14:24:54 PST." <3A0B2436.EEC5188D@elischer.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> Mike wrote:
> >
> > Hi all,
> >
> > Has anyone ever successfully configured VPN (using IPSec protocol) over
> > PPPoE connection? I have 1 VPN configured over 2 locations with T1
> > connections without any problem (using the KAME IPSec on FreeBSD
> > 4.1.1). However, when I tried the same configuration with the 3rd
> > location running DSL, it seems the IPSec packets can't reach out via tun0
> > device.
>
> how are the T1 lines connected?
> more details on the pppoe connection might be good too..
> do you used the netgraph pppoe or the user-land pppoe front-end?
>
> ppp over pppoe uses a slightly reduced MTU
> that may have something to do with it, but I doubt it..
>
> have you tried ipsec over ppp with a dialup connection (if you have
> one)?
> maybe it's the ppp program having an argument with ipsec?
> (One for Brian really..)
> (I presume the pppoe connection is otherwise working ok)..
At the moment there *may* be problems with IPSEC if you've got ``nat
deny_incoming yes'' in your config. If this is the case, Ruslan is
about to commit a fix (I've reviewed it and given the ok w/ some ppp
patches). If not, there's no known problems with ppp & IPSEC.
> > I've searched through the FAQ and mailing lists, and seen people suggest
> > "pipsecd" for VPN over PPPoE. However, I do prefer using KAME IPSec for
> > this type of implementation, and hope that someone can point me to some
> > lights.
> >
> > Thank you all!
> >
> > Mike
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-net" in the body of the message
>
> --
> __--_|\ Julian Elischer
> / \ julian@elischer.org
> ( OZ ) World tour 2000
> ---> X_.---._/ presently in: Budapest
--
Brian <brian@Awfulhak.org> <brian@[uk.]FreeBSD.org>
<http://www.Awfulhak.org>; <brian@[uk.]OpenBSD.org>
Don't _EVER_ lose your sense of humour !
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200011092243.eA9MhCB00794>