From owner-freebsd-net@FreeBSD.ORG Thu Jul 16 06:14:57 2009
Date: Thu, 16 Jul 2009 08:14:52 +0200
From: Gergely CZUCZY <phoemix@harmless.hu>
To: Jigar SOLANKI
Cc: Gergely CZUCZY, freebsd-net@freebsd.org
Subject: Re: IPsec tunnel help
Message-ID: <20090716081452.0000693d@unknown>
In-Reply-To: <52bc9f190907151757w313175acxa40d4eae656a8345@mail.gmail.com>
References: <20090715181703.00006c68@unknown> <52bc9f190907151757w313175acxa40d4eae656a8345@mail.gmail.com>
Organization: Harmless Digital Bt
List-Id: Networking and TCP/IP with FreeBSD

Thanks, this solved the problem. I think I was too tired and was producing layer 8 issues :)

Another question: what does the AES mean for racoon, is it AES256 or AES128? I've seen both at some IPsec devices, and I haven't seen the cipher size specified here.
On Thu, 16 Jul 2009 02:57:43 +0200 Jigar SOLANKI wrote:
> Hi,
>
> I think that you can't see any outgoing traffic because there is no
> spd rule that matches any outgoing traffic (from site A, i.e. your
> freebsd box): this just comes from your second spd rule where "in"
> should be "out":
>
> Try to replace the second rule:
>
> spdadd 192.168.0.0/24 192.168.1.64/32 any -P in ipsec
> esp/tunnel/217.150.138.138-217.150.130.163/unique;
>
> By:
>
> spdadd 192.168.0.0/24 192.168.1.64/32 any -P out ipsec
> esp/tunnel/217.150.138.138-217.150.130.163/unique;
>
> Hope this helps. :-)
>
> Regards,
>
> --
> SOLANKI Jigar
> ---

--
Sincerely,
Gergely CZUCZY
Harmless Digital Bt
+36-30-9702963
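The misconfiguration discussed in the thread (two "in" policies, no "out" policy, so outgoing packets never match the SPD) is easy to catch before loading setkey.conf. The following lint is an added example, not code from the thread or from FreeBSD; it parses spdadd lines of the shape quoted above and checks that every tunnel policy has a mirror with reversed selectors, reversed endpoints and the opposite direction. The first (inbound) rule in the sample input is an assumption about what site A's other policy looked like; the thread only shows the second rule.

```python
import re
from typing import Dict, List

# Matches setkey(8) "spdadd" lines of the shape used in the thread:
#   spdadd SRC DST PROTO -P in|out ipsec esp/tunnel/LOCAL-REMOTE/LEVEL;
SPDADD_RE = re.compile(
    r"spdadd\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<proto>\S+)\s+-P\s+(?P<dir>in|out)"
    r"\s+ipsec\s+esp/tunnel/(?P<tsrc>[\d.]+)-(?P<tdst>[\d.]+)/(?P<level>\w+)\s*;"
)

# Constructed input for site A (the FreeBSD box). The inbound rule is an assumption
# about the poster's first policy; the second line is the rule quoted in the thread.
BROKEN = """
spdadd 192.168.1.64/32 192.168.0.0/24 any -P in ipsec esp/tunnel/217.150.130.163-217.150.138.138/unique;
spdadd 192.168.0.0/24 192.168.1.64/32 any -P in ipsec esp/tunnel/217.150.138.138-217.150.130.163/unique;
"""
# The fix proposed in the thread: the second rule becomes an "out" policy.
FIXED = BROKEN.replace("any -P in ipsec esp/tunnel/217.150.138.138",
                       "any -P out ipsec esp/tunnel/217.150.138.138")

def parse_spd(text: str) -> List[Dict[str, str]]:
    """Extract every spdadd policy (selectors, direction, tunnel endpoints) from setkey input."""
    return [m.groupdict() for m in SPDADD_RE.finditer(text)]

def check_spd(policies: List[Dict[str, str]]) -> List[str]:
    """Return human-readable problems; an empty list means every policy has its mirror.

    A tunnel needs one 'out' policy (local selector -> remote selector, local-remote
    endpoints) and one 'in' policy with both selectors and endpoints reversed. Two 'in'
    policies never match an outgoing packet, which is exactly the symptom in the thread.
    """
    problems = []
    for p in policies:
        want = "out" if p["dir"] == "in" else "in"
        mirrored = any(
            q["src"] == p["dst"] and q["dst"] == p["src"]
            and q["tsrc"] == p["tdst"] and q["tdst"] == p["tsrc"] and q["dir"] == want
            for q in policies
        )
        if not mirrored:
            problems.append(f"no '{want}' policy mirroring {p['src']} -> {p['dst']} ({p['dir']})")
    if policies and not any(p["dir"] == "out" for p in policies):
        problems.append("no 'out' policy at all: outgoing packets are not matched by the SPD")
    return problems

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_spd(parse_spd(cfg)) or "OK")
```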