From owner-freebsd-net Wed Nov 15 8:54:24 2000
Delivered-To: freebsd-net@freebsd.org
Received: from papoose.quick.com (unknown [199.120.187.2])
	by hub.freebsd.org (Postfix) with ESMTP id 8D96337B4CF
	for ; Wed, 15 Nov 2000 08:54:19 -0800 (PST)
Received: (from jq@localhost)
	by papoose.quick.com (8.10.1/8.10.1) id eAFGsCC24802
	for freebsd-net@freebsd.org; Wed, 15 Nov 2000 11:54:12 -0500 (EST)
Message-Id: <200011151654.eAFGsCC24802@papoose.quick.com>
MIME-Version: 1.0 (NeXT Mail 3.3 v118.2)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
In-Reply-To: <5.0.0.25.0.20000923105128.02ee5840@mail.Go2France.com>
X-Nextstep-Mailer: Mail 3.3 (Enhance 2.2p1)
Received: by NeXT.Mailer (1.118.2)
From: "James E. Quick"
Date: Wed, 15 Nov 2000 11:54:11 -0500
To: freebsd-net@freebsd.org
Subject: I need help with IPSEC
Reply-To: jq@quick.com
References: <5.0.0.25.0.20000923105128.02ee5840@mail.Go2France.com>
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I am in desperate need of help with IPSEC.

I have a pair of firewalls configured with:

	IPSEC
	IPSEC_ESP
	IPSEC_DEBUG

I started with an attempt using racoon, then backed off to using
manually added entries via skey. I do not see anything in racoon
output that looks like an error.

The remote end of the gateway is a box running 4.1.1-STABLE. It has a
single public IP address via a cable modem with 172.16.1.x addresses
behind it.

My endpoint is running 4.2-BETA and has an ISP provided /30 subnet
externally, with my publicly routable Class C behind.

I note that when I try to reach any 172.16.1 address with either form
of IPSEC configured I get 'No route to host' errors. This suggests
that IPSEC is not encapsulating anything.

I would appreciate hearing from anyone who has set up esp style
tunnels between either 2 FreeBSDs or between FreeBSD and anything
else. There must be something trivial that I am overlooking, because
I am not seeing anything that looks like an error.
We are both running ipfilt on our ends. The remote site is also
running simple ipnat configuration.

---
 ___ ___  | James E. Quick
  / /  /  | Quick & Associates            NeXTMail O.K.
\_/ (_\/  | If only the HMO would cover my allergy to gravity.
     )    |