From owner-freebsd-hackers@FreeBSD.ORG  Wed Apr 16 05:36:23 2003
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 5AC0837B401; Wed, 16 Apr 2003 05:36:23 -0700 (PDT)
Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 86EAC43F93; Wed, 16 Apr 2003 05:36:22 -0700 (PDT)
	(envelope-from nectar@celabo.org)
Received: from madman.celabo.org (madman.celabo.org [10.0.1.111])
	(using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))
	(Client CN "madman.celabo.org", Issuer "celabo.org CA" (verified OK))
	by gw.nectar.cc (Postfix) with ESMTP
	id D88FE38; Wed, 16 Apr 2003 07:36:21 -0500 (CDT)
Received: by madman.celabo.org (Postfix, from userid 1001)
	id 3AE7278C44; Wed, 16 Apr 2003 07:36:21 -0500 (CDT)
Date: Wed, 16 Apr 2003 07:36:21 -0500
From: "Jacques A. Vidrine" <nectar@FreeBSD.org>
To: "Crist J. Clark" <cjc@FreeBSD.org>
Message-ID: <20030416123621.GC72501@madman.celabo.org>
Mail-Followup-To: "Jacques A. Vidrine" <nectar@FreeBSD.org>,
	"Crist J. Clark" <cjc@FreeBSD.org>, freebsd-hackers@FreeBSD.org
References: <20030410161511.GA25681@madman.celabo.org>
	<20030416052335.GA2519@blossom.cjclark.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20030416052335.GA2519@blossom.cjclark.org>
X-Url: http://www.celabo.org/
User-Agent: Mutt/1.5.3i-ja.1
cc: freebsd-hackers@FreeBSD.org
Subject: Re: Single IP host and IPsec tunnel mode experience
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Apr 2003 12:36:23 -0000

On Tue, Apr 15, 2003 at 10:23:35PM -0700, Crist J. Clark wrote:
> 'uname -a'?

The endpoints were both 4.7.

> I can't reproduce this on a 4.8 to 4.7 tunnel. On
> 192.168.64.70,
> 
>   spdadd 192.168.64.70/32 10.0.0.0/24 any -P out
> 	ipsec esp/tunnel/192.168.64.70-192.168.64.20/require;
>   spdadd 10.0.0.0/24 192.168.64.70/32 any -P  in
> 	ipsec esp/tunnel/192.168.64.20-192.168.64.70/require;
> 
> And on 192.168.64.20, the gateway to 10.0.0.0/24,
> 
>   spdadd 192.168.64.70/32 10.0.0.0/24 any -P  in
> 	ipsec esp/tunnel/192.168.64.70-192.168.64.20/require;
>   spdadd 10.0.0.0/24 192.168.64.70/32 any -P out
> 	ipsec esp/tunnel/192.168.64.20-192.168.64.70/require;
> 
> Works fine.

Hmm, yes, that appears to be exactly what I'm trying to do.  Well,
that's heartening ... it means that there is likely some anomoly in my
environment that is hosing me.  Now if only I can figure what it is :-)
-- 
Jacques A. Vidrine <nectar@celabo.org>          http://www.celabo.org/
NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos
jvidrine@verio.net     .  nectar@FreeBSD.org  .          nectar@kth.se