Date: Fri, 24 Nov 2006 11:46:39 +0100
From: lupe@lupe-christoph.de (Lupe Christoph)
To: Jordan Ostreff <jostreff@mobikom.com>
Cc: freebsd-security@freebsd.org, freebsd-net@freebsd.org
Subject: Re: which windows software can communicate with ipsec(racoon)?
Message-ID: <20061124104639.GB11099@lupe-christoph.de>
In-Reply-To: <4566BF05.7030500@mobikom.com>
References: <380d4510611192317g3c9e415al61494e5979b3f282@mail.gmail.com> <45615A05.6060009@optim.com.ru> <4566BF05.7030500@mobikom.com>

On Friday, 2006-11-24 at 11:44:37 +0200, Jordan Ostreff wrote:

> Cisco VPN uses by default udp communication not TCP - maybe this is
> related to your problem.

IPSec normally uses AH and ESP which are protocols in the same layer as UDP and TCP. The protocol numbers are 51 and 50. If a firewall blocks all protocols besides UDP and TCP, and filters those protocols by ports, you can only use UDP encapsulation.

I never tried to do this with FreeBSD, though. Dunno if the kernel can do that. I didn't find such a thing in the setkey manpage on 5.3. It mentions TCP, though.

HTH,
Lupe Christoph
--
| You know we're sitting on four million pounds of fuel, one nuclear     |
| weapon and a thing that has 270,000 moving parts built by the lowest   |
| bidder. Makes you feel good, doesn't it?                               |
| Rockhound in "Armageddon", 1998, about the Space Shuttle               |