From: lupe@lupe-christoph.de (Lupe Christoph)
Date: Fri, 24 Nov 2006 11:46:39 +0100
To: Jordan Ostreff
Cc: freebsd-security@freebsd.org, freebsd-net@freebsd.org
Subject: Re: which windows software can communicate with ipsec(racoon)?

On Friday, 2006-11-24 at 11:44:37 +0200, Jordan Ostreff wrote:

> Cisco VPN uses by default udp communication not TCP - maybe this is
> related to your problem.

IPSec normally uses AH and ESP which are protocols in the same layer as
UDP and TCP. The protocol numbers are 51 and 50. If a firewall blocks
all protocols besides UDP and TCP, and filters those protocols by ports,
you can only use UDP encapsulation.

I never tried to do this with FreeBSD, though. Dunno if the kernel can
do that. I didn't find such a thing in the setkey manpage on 5.3. It
mentions TCP, though.

HTH,
Lupe Christoph
-- 
| You know we're sitting on four million pounds of fuel, one nuclear     |
| weapon and a thing that has 270,000 moving parts built by the lowest   |
| bidder. Makes you feel good, doesn't it?                               |
| Rockhound in "Armageddon", 1998, about the Space Shuttle               |
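
Added example, not part of the original message: a Python classifier that labels a raw IPv4 packet as native ESP/AH or UDP-encapsulated ESP and models the firewall described above, which passes only TCP and UDP. Assumptions not stated in the message: UDP encapsulation uses port 4500 with the four-zero-byte non-ESP marker (RFC 3948), IKE uses UDP 500, and all function names and sample packets are constructed for illustration.

```python
import struct

# IP protocol numbers; 50 (ESP) and 51 (AH) are the two named in the message.
PROTO_TCP, PROTO_UDP, PROTO_ESP, PROTO_AH = 6, 17, 50, 51
# Assumption (not in the message): IKE on UDP 500, RFC 3948 encapsulation on 4500.
IKE_PORT, NATT_PORT = 500, 4500


def classify(packet: bytes) -> str:
    """Label one raw IPv4 packet by the kind of IPsec traffic it carries."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    proto = packet[9]
    if proto == PROTO_ESP:
        return "esp"
    if proto == PROTO_AH:
        return "ah"
    if proto != PROTO_UDP:
        return "other"
    if len(packet) < ihl + 8:
        return "malformed"
    sport, dport = struct.unpack_from("!HH", packet, ihl)
    payload = packet[ihl + 8:]
    if IKE_PORT in (sport, dport):
        return "ike"
    if NATT_PORT in (sport, dport):
        # Four zero bytes mark IKE; a real ESP SPI is never zero.
        if payload[:4] == b"\x00\x00\x00\x00":
            return "ike-over-4500"
        return "esp-in-udp"
    return "other"


def passes_tcp_udp_only_firewall(packet: bytes) -> bool:
    """Model the firewall from the message: only TCP and UDP get through."""
    return len(packet) >= 20 and packet[0] >> 4 == 4 and packet[9] in (PROTO_TCP, PROTO_UDP)


def ipv4(proto: int, payload: bytes) -> bytes:
    """Constructed 20-byte IPv4 header (checksum left at 0) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])) + payload


def udp(sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed UDP header (checksum left at 0) plus payload."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
```

Run over a capture, this shows at a glance whether a tunnel is using protocol 50/51 directly, which such a firewall drops, or is already riding inside UDP.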