Date: Thu, 16 Jul 2009 08:14:52 +0200
From: Gergely CZUCZY <gergely.czuczy@harmless.hu>
To: Jigar SOLANKI <sol4nki@gmail.com>
Cc: Gergely CZUCZY <phoemix@harmless.hu>, freebsd-net@freebsd.org
Subject: Re: IPsec tunnel help
Message-ID: <20090716081452.0000693d@unknown>
In-Reply-To: <52bc9f190907151757w313175acxa40d4eae656a8345@mail.gmail.com>
References: <20090715181703.00006c68@unknown> <52bc9f190907151757w313175acxa40d4eae656a8345@mail.gmail.com>

Thanks, this solved the problem. I think I was too tired and was
producing layer8 issues :)

Another question, what does the AES mean for racoon, is it AES256 or
AES128? I've seen both at some ipsec devices, and I haven't seen the
cipher size specified here.

On Thu, 16 Jul 2009 02:57:43 +0200
Jigar SOLANKI <sol4nki@gmail.com> wrote:

> Hi,
>
> I think that you can't see any outgoing traffic because there is no
> spd rule that matches any outgoing traffic ( from site A, ie your
> freebsd box) : this just comes from your second spd rule where "in"
> should be "out" :
>
> Try to replace the second rule:
>
> spdadd 192.168.0.0/24 192.168.1.64/32 any -P in ipsec
> esp/tunnel/217.150.138.138-217.150.130.163/unique;
>
>
> By :
>
>
> spdadd 192.168.0.0/24 192.168.1.64/32 any -P out ipsec
> esp/tunnel/217.150.138.138-217.150.130.163/unique;
>
>
> Hope this helps. :-)
>
> Regards,
>
> --
> SOLANKI Jigar
> ---
>

--
Sincerely,

Gergely CZUCZY
Harmless Digital Bt

+36-30-9702963
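
The direction mistake discussed in this thread can be caught before loading the policy. The following is an added example, not part of the original messages: a small lint for tunnel-mode `spdadd` rules. The names `lint_spd` and `LOCAL_GW`, the choice of 217.150.138.138 as the local gateway, and the first rule in the sample (which the thread does not show) are assumptions made for illustration.

```python
import re

# One tunnel-mode spdadd statement: selectors, direction, tunnel endpoints.
SPD_RE = re.compile(
    r"spdadd\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+\S+\s+-P\s+(?P<dir>in|out)\s+ipsec\s+"
    r"(?:esp|ah)/tunnel/(?P<tsrc>[0-9.]+)-(?P<tdst>[0-9.]+)/\w+"
)

def lint_spd(conf, local_gw):
    """Return findings for the tunnel-mode spdadd rules in a setkey config."""
    findings, seen = [], set()
    conf = re.sub(r"#.*", "", conf)           # drop comments
    for stmt in conf.split(";"):              # statements may wrap across lines
        m = SPD_RE.search(stmt)
        if not m:
            continue
        seen.add(m["dir"])
        # 'out' packets are tunnelled FROM the local gateway, 'in' packets TO it.
        local_end, far_end = (m["tsrc"], m["tdst"]) if m["dir"] == "out" \
            else (m["tdst"], m["tsrc"])
        if local_end == local_gw:
            continue
        rule = f"{m['src']} -> {m['dst']} (-P {m['dir']})"
        if far_end == local_gw:
            want = "out" if m["dir"] == "in" else "in"
            findings.append(f"{rule}: tunnel {m['tsrc']}-{m['tdst']} implies "
                            f"the other direction, expected -P {want}")
        else:
            findings.append(f"{rule}: {local_gw} is not a tunnel endpoint")
    for d in ("in", "out"):
        if d not in seen:
            findings.append(f"no '-P {d}' policy found")
    return findings

LOCAL_GW = "217.150.138.138"  # assumption: this box is the tunnel source

# Constructed sample: the second rule is the one quoted in the thread,
# the first rule is an assumed mirror policy for the return traffic.
BROKEN = """
# inbound policy (constructed)
spdadd 192.168.1.64/32 192.168.0.0/24 any -P in ipsec
    esp/tunnel/217.150.130.163-217.150.138.138/unique;
spdadd 192.168.0.0/24 192.168.1.64/32 any -P in ipsec
    esp/tunnel/217.150.138.138-217.150.130.163/unique;
"""
FIXED = BROKEN.replace("192.168.1.64/32 any -P in", "192.168.1.64/32 any -P out")

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint_spd(conf, LOCAL_GW) or "ok")
```
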