Skip site navigation (1)Skip section navigation (2) 
Date:      31 Oct 2002 10:13:57 +0000
From:      Wayne Pascoe <freebsd@penguinpowered.org.uk>
To:        freebsd-questions@freebsd.org
Subject:   VPN Not working
Message-ID:  <86d6pqud96.fsf@marvin.penguinpowered.org.uk>
index | next in thread | raw e-mail 

Hi all,

I'm trying to setup up Tunneling VPN between two FreeBSD boxes.
I have network A talking through gateway A to Network B via gateway B

Network A IP Range - 192.168.11.0/24
Network B IP Range - 192.168.12.0/24

Gateway A Internal IP Address - 192.168.11.1
Gateway A External IP Address - 192.168.10.1

Gateway B Internal IP Address - 192.168.12.1
Gateway B External IP Address - 192.168.10.2

I have ip forwarding setup and with the VPN down, a machine behind the
first gateway, 192.168.11.2 can ping a machine behind the second
gateway, 192.168.12.2. As soon as I start the VPN up though, they
can't talk at all any more. Not ssh, not ping, not anything.

I am using the following scripts on Gateway A and B respectively to
start my VPN

#!/bin/bash
setkey -c <<EOF
spadd 192.168.11.0/24 192.168.12.0/24 any -P out ipsec \
ah/tunnel/192.168.10.1-192.168.10.2/require ;
spadd 192.168.12.0/24 192.168.11.0/24 any -P in ipsec \
ah/tunnel/192.168.10.1-192.168.10.2/require ;
add 192.168.10.1 192.168.10.2 ah-old 0x10003 -m any \
-A keyed-md5 "this is the test"
add 192.168.10.2 192.168.10.1 ah-old 0x10004 -m any \
-A keyed-md5 "this is the test"

#!/bin/bash
setkey -c <<EOF
spadd 192.168.12.0/24 192.168.11.0/24 any -P out ipsec \
ah/tunnel/192.168.10.1-192.168.10.2/require ;
spadd 192.168.11.0/24 192.168.12.0/24 any -P in ipsec \
ah/tunnel/192.168.10.1-192.168.10.2/require ;
add 192.168.10.1 192.168.10.2 ah-old 0x10003 -m any \
-A keyed-md5 "this is the test"
add 192.168.10.2 192.168.10.1 ah-old 0x10004 -m any \
-A keyed-md5 "this is the test"

Anyone have any ideas ? 

TIA,

-- 
- Wayne Pascoe 
    Yoohoo... I'll make you famous
    

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86d6pqud96.fsf>