From: "Jacques A. Vidrine"
To: "Crist J. Clark"
Cc: freebsd-hackers@FreeBSD.org
Date: Wed, 16 Apr 2003 07:36:21 -0500
Subject: Re: Single IP host and IPsec tunnel mode experience
Message-ID: <20030416123621.GC72501@madman.celabo.org>

On Tue, Apr 15, 2003 at 10:23:35PM -0700, Crist J. Clark wrote:
> 'uname -a'?

The endpoints were both 4.7.

> I can't reproduce this on a 4.8 to 4.7 tunnel. On
> 192.168.64.70,
>
>   spdadd 192.168.64.70/32 10.0.0.0/24 any -P out
>     ipsec esp/tunnel/192.168.64.70-192.168.64.20/require;
>   spdadd 10.0.0.0/24 192.168.64.70/32 any -P in
>     ipsec esp/tunnel/192.168.64.20-192.168.64.70/require;
>
> And on 192.168.64.20, the gateway to 10.0.0.0/24,
>
>   spdadd 192.168.64.70/32 10.0.0.0/24 any -P in
>     ipsec esp/tunnel/192.168.64.70-192.168.64.20/require;
>   spdadd 10.0.0.0/24 192.168.64.70/32 any -P out
>     ipsec esp/tunnel/192.168.64.20-192.168.64.70/require;
>
> Works fine.

Hmm, yes, that appears to be exactly what I'm trying to do.

Well, that's heartening ... it means that there is likely some anomaly
in my environment that is hosing me. Now if only I can figure what
it is :-)

-- 
Jacques A. Vidrine               http://www.celabo.org/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se
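
Added example, not part of the original message or of FreeBSD: a small checker that parses spdadd statements of the form quoted above and verifies that each host's tunnel endpoints point the right way and that the two hosts' policies mirror each other. The names Policy, parse, check_host and check_pair are hypothetical, and only ESP tunnel-mode IPv4 statements are recognized.

```python
import re
from typing import NamedTuple

class Policy(NamedTuple):
    src: str
    dst: str
    upper: str
    direction: str
    tunnel_src: str
    tunnel_dst: str
    level: str

# Assumption: only the statement shape used in the thread (ESP, tunnel mode, IPv4).
SPDADD = re.compile(r"spdadd\s+(\S+)\s+(\S+)\s+(\S+)\s+-P\s+(in|out)\s+ipsec\s+"
                    r"esp/tunnel/([0-9.]+)-([0-9.]+)/(\w+)\s*;")

# The two policy sets quoted in the message above.
HOST_CONF = """
spdadd 192.168.64.70/32 10.0.0.0/24 any -P out
  ipsec esp/tunnel/192.168.64.70-192.168.64.20/require;
spdadd 10.0.0.0/24 192.168.64.70/32 any -P in
  ipsec esp/tunnel/192.168.64.20-192.168.64.70/require;
"""
GW_CONF = """
spdadd 192.168.64.70/32 10.0.0.0/24 any -P in
  ipsec esp/tunnel/192.168.64.70-192.168.64.20/require;
spdadd 10.0.0.0/24 192.168.64.70/32 any -P out
  ipsec esp/tunnel/192.168.64.20-192.168.64.70/require;
"""

def parse(conf):
    """Return the ESP tunnel-mode spdadd statements found in setkey.conf text."""
    return [Policy(*m.groups()) for m in SPDADD.finditer(conf)]

def check_host(policies, local_ip):
    """An 'out' tunnel must start at the local endpoint, an 'in' tunnel must end there."""
    return [f"{p.direction} {p.src} -> {p.dst}: tunnel endpoints reversed"
            for p in policies
            if (p.tunnel_src if p.direction == "out" else p.tunnel_dst) != local_ip]

def check_pair(a, b):
    """Every policy needs a peer policy that is identical except for in/out."""
    flip = {"in": "out", "out": "in"}
    return [f"host {name}: no peer match for {p.direction} {p.src} -> {p.dst}"
            for name, mine, theirs in (("A", a, b), ("B", b, a))
            for p in mine if p._replace(direction=flip[p.direction]) not in theirs]

if __name__ == "__main__":
    host, gw = parse(HOST_CONF), parse(GW_CONF)
    print(check_host(host, "192.168.64.70") + check_host(gw, "192.168.64.20")
          + check_pair(host, gw))
```

On a live system the input would be each host's setkey.conf; an empty result rules out a policy mismatch and points the search elsewhere in the environment.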