Date: Thu, 28 Jun 2001 09:58:14 +0100 (BST)
From: Gavin Kenny <gavinkenny@yahoo.co.uk>
To: jim@compete.com
Cc: questions@freebsd.org
Subject: Re: VPN setup
Message-ID: <20010628085814.79212.qmail@web20008.mail.yahoo.com>
In-Reply-To: <20010627144827.A3306@cartman.boston.geekhouse.net>

--- Jim Mock <jim@compete.com> wrote:
> On Wed, 27 Jun 2001 at 12:59:05 -0400, Jim Mock wrote:
> > On Wed, 27 Jun 2001 at 17:44:34 +0100, Gavin Kenny wrote:
> > > Jim,
> > >
> > > Have you set up the Security Associations?
> > >
> > > you have used spdadd which sets up your security policy (i.e. if you
> > > want to send a packet from A to B encrypt it)
> > >
> > > But you also need the SA's to tell IPSec what algorithms to use and
> > > what keys to use. It is dead easy if you are prepared to set them up
> > > manually, lots harder if you want to use IKE (so I'm told).
> >
> > Ah ha. I didn't do that. I wouldn't even have posted if I saw the
> > link to the diary article (that's what I get for not reading my mail
> > first, I guess :-).
> >
> > Thanks for the tip.
>
> Ok, after reading through the diary article, I scrapped what I had
> before and decided to follow it. The only difference between my setup
> and the setup in the diary is the VPN IPs. For the machine here, I used
> 192.168.1.254, and for the machine in SF I used 192.168.3.254. I can't
> ping either from either machine. Is this normal?
>
> - jim

Are you using a firewall?? When I set up my VPN I had a lack of ping
capability which was worrying until I found the firewall was configured
to stop all pings!

Another thing with firewalls: I found that IPSec wanted to use a port
that was the same as the ID number I had assigned in the Security
Associations. I didn't look into this in detail, but it means you have to
open that port in order to get your VPN to work.

How have you set up your VPN? I'd recommend using transport mode and
just going from gateway to gateway only; get that running and then it is
easier to expand.

If you are still having problems, post your SA's and SPD's.

Another trick which makes life easier is to put all your add's and
spdadds into a file; you then just load them up using
setkey -f <filename>, which saves a bit of typing.

Gavin
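
An added example, not part of the original message: a small Python check for the situation discussed in this thread, where a file meant for `setkey -f` contains `spdadd` policies but not the `add` Security Associations they depend on. It assumes manual keying (no IKE daemon) and host-address selectors in transport mode; the sample file, its addresses and its keys are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of a file loaded with `setkey -f`: transport-mode ESP
# between two gateways with manual keys. Addresses are documentation ranges and
# keys are placeholders. The SA for the return direction is left out on purpose.
SAMPLE = """
flush;
spdflush;
add 192.0.2.1 198.51.100.1 esp 0x1001 -m transport
    -E 3des-cbc "PLACEHOLDER-24-BYTE-KEY!" -A hmac-sha1 "PLACEHOLDER-20-BYTE!";
spdadd 192.0.2.1 198.51.100.1 any -P out ipsec esp/transport//require;
spdadd 198.51.100.1 192.0.2.1 any -P in  ipsec esp/transport//require;
"""

def _host(selector):
    """Strip an optional /prefix and [port] from an spdadd address selector."""
    return re.sub(r"(/\d+)?(\[[^\]]*\])?$", "", selector)

def parse(text):
    """Return (SAs defined, SAs the policies need), each as (src, dst, proto)."""
    sas, needed = set(), []
    # Drop '#' comments, then split into ';'-terminated statements.
    for stmt in (s.split() for s in re.sub(r"#.*", "", text).split(";")):
        while len(stmt) > 1 and stmt[1].startswith("-"):
            del stmt[1]                      # drop -4/-6/-n before the addresses
        if len(stmt) >= 4 and stmt[0] == "add":
            sas.add((stmt[1], stmt[2], stmt[3]))    # add src dst proto spi ...
        elif len(stmt) >= 3 and stmt[0] == "spdadd" and "ipsec" in stmt:
            src, dst = _host(stmt[1]), _host(stmt[2])
            for req in stmt[stmt.index("ipsec") + 1:]:
                proto, mode, ends = (req.split("/") + ["", ""])[:3]
                if mode == "tunnel" and "-" in ends:
                    # In tunnel mode the SA runs between the tunnel endpoints.
                    needed.append((*ends.split("-", 1), proto))
                else:
                    needed.append((src, dst, proto))
    return sas, needed

def missing_sas(text):
    """Policies that call for an SA (src, dst, proto) no `add` line provides."""
    sas, needed = parse(text)
    return sorted(set(needed) - sas)

if __name__ == "__main__":
    for src, dst, proto in missing_sas(SAMPLE):
        print(f"no {proto} SA from {src} to {dst}")
```

SAs are unidirectional, so each direction of a policy pair needs its own `add` line; on a live system the loaded state can be compared the same way from `setkey -D` and `setkey -DP`.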