From owner-freebsd-security Thu Jan 24 11:22:35 2002 Delivered-To: freebsd-security@freebsd.org Received: from hotmail.com (oe50.law12.hotmail.com [64.4.18.22]) by hub.freebsd.org (Postfix) with ESMTP id 4536837B400 for ; Thu, 24 Jan 2002 11:22:08 -0800 (PST) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 24 Jan 2002 11:22:07 -0800 X-Originating-IP: [24.20.227.61] From: "Lawrence Sica" To: References: <200201241847.AHX10883@vmms1.verisignmail.com> <3C50588C.7200324B@centtech.com> <3C505B52.58822BEC@centtech.com> Subject: Re: Can't set up an IPsec tunnel. Date: Thu, 24 Jan 2002 11:22:27 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-ID: X-OriginalArrivalTime: 24 Jan 2002 19:22:07.0969 (UTC) FILETIME=[6A007510:01C1A50C] Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ----- Original Message ----- From: "Eric Anderson" To: "Lawrence Sica" Cc: "dr3node" ; Sent: Thursday, January 24, 2002 11:06 AM Subject: Re: Can't set up an IPsec tunnel. > Can you post that here? Any changes you needed to make to allow the ESP to be > passed, and any tricks you needed to know to do it? > I'll look up my notes, I used an article on daemonnews as my basis but i do remember having to allow with ipfw esp to pass throught ipfw add allow esp from any to any for example Also some udp stuff too, the ports are in /etc/services...and /etc/protocols has info on esp you needto let through. --Larry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message