From: "Company 2210" <company2210@hotmail.com>
To: freebsd-questions@freebsd.org
Date: Thu, 10 Jul 2003 20:12:33 +0100
Subject: Racoon / VPN problem

I have two FreeBSD 5.0 boxes authenticating at stage one of the VPN; however, stage 2 fails with:

ph2begin_r(): respond new phase 2 negotiation: 10.0.0.1[0]<=>10.0.0.2[0]
get_proposal_r(): no policy found: 10.0.0.2/32[0] 0.0.0.0/0[0] proto=any dir=in
quick_r1recv(): failed to get proposal for responder.
_ph2begin_r(): failed to pre-process packet.

I'm a bit new to this, so I'm guessing the lack of a policy refers to my SPD database.

setkey -DP looks like this:

0.0.0.0/0[any] 10.0.0.1[any] any
	in ipsec
	esp/tunnel/10.0.0.2-10.0.0.1/require
	spid=19 seq=1 pid=770 refcnt=1
10.0.0.1[any] 0.0.0.0/0[any] any
	out ipsec
	esp/tunnel/10.0.0.1-10.0.0.2/require
	spid=18 seq=0 pid=770 refcnt=1

As I understand it, this means all packets heading to or from 10.0.0.1 must be encapsulated (which is what I want, as I'm running a VPN between two FreeBSD gateway boxes). If I replace the 0.0.0.0/0 with the IP of the other box's interface (i.e. 10.0.0.2) the VPN works between 10.0.0.1<->10.0.0.2, but other traffic from other interfaces is not encrypted.

Any help in resolving/understanding this issue is greatly appreciated.

Many thanks,
Colin
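The SPD lookup behind racoon's "no policy found" message, as an added example that is not part of the original post and not code from racoon or setkey: a Python script that parses `setkey -DP` output and the racoon log line, then reports which SPD entries equal the peer's proposed selectors and which merely contain them. It assumes, as a simplification of racoon's actual lookup, that the phase 2 responder accepts an SPD entry only when its source, destination and direction equal the proposed identifiers. The sample data is the post's own output, re-typed in setkey's multi-line layout; the names `Policy`, `parse_setkey_dp`, `parse_no_policy`, `exact_match`, `wider_only` and `diagnose` are this example's own.

```python
"""Check a racoon "no policy found" message against `setkey -DP` output.

Added example, not code from the original post, racoon or setkey. It
assumes (a simplification of racoon's lookup) that the phase 2 responder
accepts an SPD entry only when its source, destination and direction equal
the peer's proposed identifiers; entries that merely contain the addresses
are reported separately so the difference is visible.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple, Union

# Constructed sample: the post's `setkey -DP` output in setkey's own layout
# (one selector line, then indented direction, transform and spid lines).
SETKEY_DP_OUTPUT = """\
0.0.0.0/0[any] 10.0.0.1[any] any
\tin ipsec
\tesp/tunnel/10.0.0.2-10.0.0.1/require
\tspid=19 seq=1 pid=770 refcnt=1
10.0.0.1[any] 0.0.0.0/0[any] any
\tout ipsec
\tesp/tunnel/10.0.0.1-10.0.0.2/require
\tspid=18 seq=0 pid=770 refcnt=1
"""

# Constructed sample: the racoon line quoted in the post.
RACOON_LOG_LINE = (
    "get_proposal_r(): no policy found: 10.0.0.2/32[0] 0.0.0.0/0[0] "
    "proto=any dir=in"
)

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass(frozen=True)
class Policy:
    src: Network
    dst: Network
    proto: str
    direction: str        # in / out / fwd
    action: str           # ipsec / discard / none
    spid: Optional[int]   # kernel policy id, if the spid= line was present


SELECTOR_RE = re.compile(r"^([^\s\[]+)\[([^\]]+)\]\s+([^\s\[]+)\[([^\]]+)\]\s+(\S+)\s*$")
DIR_RE = re.compile(r"^\s+(in|out|fwd)\s+(\S+)")
SPID_RE = re.compile(r"\bspid=(\d+)")
NO_POLICY_RE = re.compile(
    r"no policy found:\s+([^\s\[]+)\[\d+\]\s+([^\s\[]+)\[\d+\]\s+proto=(\S+)\s+dir=(in|out|fwd)"
)


def to_network(text: str) -> Network:
    """'10.0.0.1' becomes 10.0.0.1/32; '0.0.0.0/0' stays the wildcard."""
    return ipaddress.ip_network(text, strict=False)


def parse_setkey_dp(output: str) -> List[Policy]:
    """Turn `setkey -DP` text into one Policy per SPD entry."""
    policies: List[Policy] = []
    pending: Optional[dict] = None  # fields of the entry being read
    for line in output.splitlines():
        m = SELECTOR_RE.match(line)
        if m:  # a new entry starts with its unindented selector line
            if pending is not None:
                policies.append(Policy(**pending))
            pending = {"src": to_network(m.group(1)), "dst": to_network(m.group(3)),
                       "proto": m.group(5), "direction": "", "action": "", "spid": None}
            continue
        if pending is None:
            continue
        m = DIR_RE.match(line)
        if m:
            pending["direction"], pending["action"] = m.group(1), m.group(2)
            continue
        m = SPID_RE.search(line)
        if m:
            pending["spid"] = int(m.group(1))
    if pending is not None:
        policies.append(Policy(**pending))
    return policies


def parse_no_policy(line: str) -> Tuple[Network, Network, str, str]:
    """Extract (src, dst, proto, direction) from racoon's no-policy message."""
    m = NO_POLICY_RE.search(line)
    if m is None:
        raise ValueError("not a racoon 'no policy found' line: %r" % line)
    return to_network(m.group(1)), to_network(m.group(2)), m.group(3), m.group(4)


def exact_match(policies: List[Policy], src: Network, dst: Network, direction: str) -> List[Policy]:
    """Entries the responder would use under the assumed rule: selectors equal."""
    return [p for p in policies
            if p.direction == direction and p.src == src and p.dst == dst]


def wider_only(policies: List[Policy], src: Network, dst: Network, direction: str) -> List[Policy]:
    """Entries that contain the proposed addresses without being equal to them."""
    return [p for p in policies
            if p.direction == direction
            and p.src.supernet_of(src) and p.dst.supernet_of(dst)
            and not (p.src == src and p.dst == dst)]


def diagnose(setkey_output: str, racoon_line: str) -> Dict[str, object]:
    """Report exact and merely-containing SPD entries for the proposal racoon rejected."""
    src, dst, proto, direction = parse_no_policy(racoon_line)
    policies = parse_setkey_dp(setkey_output)
    return {
        "proposal": (str(src), str(dst), proto, direction),
        "exact": [p.spid for p in exact_match(policies, src, dst, direction)],
        "wider_only": [p.spid for p in wider_only(policies, src, dst, direction)],
    }


if __name__ == "__main__":
    report = diagnose(SETKEY_DP_OUTPUT, RACOON_LOG_LINE)
    print("peer proposed %s -> %s proto=%s dir=%s" % report["proposal"])
    print("SPD entries equal to the proposal (spid):", report["exact"] or "none")
    print("SPD entries that only contain it (spid):", report["wider_only"] or "none")
```

Run on the post's data, the report shows the peer proposing 10.0.0.2/32 -> 0.0.0.0/0 inbound and finds no entry in either category: the inbound entry's destination selector is 10.0.0.1/32, which neither equals nor contains 0.0.0.0/0, so the diagnostic agrees with racoon's message. Feeding it a fresh `setkey -DP` dump and the log line after each policy change is a quick way to confirm whether the selectors now line up before restarting the daemon.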