From owner-freebsd-security Thu Jan 24 10:47:54 2002
Delivered-To: freebsd-security@freebsd.org
Received: from vmmr1.verisignmail.com (vmmr1.verisignmail.com [216.168.230.137]) by hub.freebsd.org (Postfix) with ESMTP id 926EA37B400 for ; Thu, 24 Jan 2002 10:47:49 -0800 (PST)
Received: from vmms1.verisignmail.com (vmms1.verisignmail.com [10.166.0.138]) by vmmr1.verisignmail.com (Mirapoint) with ESMTP id ABO53100; Thu, 24 Jan 2002 13:47:48 -0500 (EST)
Received: from there ([212.16.11.122]) by vmms1.verisignmail.com (Mirapoint) with SMTP id AHX10883; Thu, 24 Jan 2002 13:47:46 -0500 (EST)
Message-Id: <200201241847.AHX10883@vmms1.verisignmail.com>
Content-Type: text/plain; charset="koi8-r"
From: dr3node
To: freebsd-security@freebsd.org
Subject: Re: Can't set up an IPsec tunnel.
Date: Thu, 24 Jan 2002 21:43:49 +0300
X-Mailer: KMail [version 1.3.2]
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I've read everything I could find.
That is the latest try:

Remote host:

    ifconfig gif0 create tunnel 222.222.22.2 111.111.11.1
    ifconfig gif0 inet 222.222.22.2 192.168.0.1 netmask 0xffffff00
    setkey -FP
    setkey -F

ipsec.conf:

    //
    spdadd 0.0.0.0/0 192.168.0.0/24 any -P out ipsec esp/tunnel/222.222.22.2-111.111.11.1/require;
    spdadd 192.168.0.0/24 0.0.0.0/0 any -P in ipsec esp/tunnel/111.111.11.1-222.222.22.2/require;
    //

+ racoon with the keys in /usr/local/etc/racoon/psk.txt

    setkey -f /etc/ipsec.conf

Local gateway:

    ifconfig fxp0 111.111.11.1 netmask 0xffffffff alias
    ifconfig gif0 create tunnel 111.111.11.1 222.222.22.2
    ifconfig gif0 inet 192.168.0.1 222.222.22.2 netmask 0xffffff00
    setkey -FP
    setkey -F

ipsec.conf:

    //
    spdadd 192.168.0.0/24 0.0.0.0/0 any -P out ipsec esp/tunnel/111.111.11.1-222.222.22.2/require;
    spdadd 0.0.0.0/0 192.168.0.0/24 any -P in ipsec esp/tunnel/222.222.22.2-111.111.11.1/require;
    //

+ racoon with the keys in /usr/local/etc/racoon/psk.txt

    setkey -f /etc/ipsec.conf

And the connection on the gate drops down. The error is:

    /kernel: gif_output: recursively called too many times(2)

I'm wondering whether the trouble is because of that RedHat gate with the masquerade or because of my stupidity.