From owner-freebsd-questions@FreeBSD.ORG Wed May 18 11:01:46 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D5FCD16A4CE for ; Wed, 18 May 2005 11:01:46 +0000 (GMT) Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id A3E9B43DBE for ; Wed, 18 May 2005 11:01:45 +0000 (GMT) (envelope-from freebsd-questions@m.gmane.org) Received: from list by ciao.gmane.org with local (Exim 4.43) id 1DYMIJ-00028W-Fl for freebsd-questions@freebsd.org; Wed, 18 May 2005 13:00:55 +0200 Received: from dsl-62-3-100-125.zen.co.uk ([62.3.100.125]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 18 May 2005 13:00:55 +0200 Received: from darenr by dsl-62-3-100-125.zen.co.uk with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 18 May 2005 13:00:55 +0200 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-questions@freebsd.org From: Daren Russell Date: Wed, 18 May 2005 12:00:23 +0100 Lines: 34 Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Complaints-To: usenet@sea.gmane.org X-Gmane-NNTP-Posting-Host: dsl-62-3-100-125.zen.co.uk User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050404) X-Accept-Language: en-us, en In-Reply-To: Sender: news Subject: Re: IPSec and Racoon between 5.4 and 4.11 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 May 2005 11:01:46 -0000 Daren Russell wrote: > Hi, > > We have a VPN between two FBSD machines using IPSEC and Racoon. I > managed to put this together a couple of years back with (getting) old > hardware, although I am certainly no expert. One of the machines is > about to be replaced as it is occasionally conking out, and I though I > would try the 5.4 release on the new hardware (both existing machines > are running 4.9) > > I have setup internally the layout and effectively replicated the > configs of both machines (except for the one being 5.4, and a second > running 4.11 instead of 4.9), but I cannot get them talking. The > configs for Racoon/IPSec/psk have been transferred over with zero > changes. The 5.4 machine is using standard IPSEC (not FAST_IPSEC), and > a standard tunnel works fine. It's as soon as IPSec/Racoon is brought > in that it falls over. > > Has anybody got 5.4 <-> 4.11 talking in this config, or does anybody > know of any pitfalls because of kernel changes? > > The only other thing is the 5.4 machine is running amd64. > Just as a follow up for the archives: I re-installed using the i386 arch (the machine was amd64) and with the exact same config files, the VPN came straight up. I guess there is an issue with running racoon on amd64 at the moment. Maybe this will help anybody else considering this setup. Regards Daren