From owner-freebsd-net@FreeBSD.ORG Sun May 9 07:02:20 2004
Message-ID: <3099.192.168.0.1.1084111337.squirrel@webmail.local>
Date: Sun, 9 May 2004 15:02:17 +0100 (BST)
From: "Jonathan Belson"
To: freebsd-net@freebsd.org
Subject: Outstanding issues with ipsec under 5.2.1?
List-Id: Networking and TCP/IP with FreeBSD

Hiya

I've just spent a few hours trying to set up a working ipsec tunnel between a wireless laptop and my server. As a first step, I set up a tunnel between two machines on the same (wired) subnet, one running -STABLE and the other 4.8-RELEASE. Apart from having to fix a couple of typos, it worked pretty much first time.

When I tried using the same config between the laptop and server (having changed the appropriate IPs), the connection always timed out in phase 1 of the negotiation. I can only think of two differences between the setups:

a. The wireless link has a wireless access point in between the two machines, i.e. laptop (192.168.1.10) <-> AP (192.168.1.5) <-> server (192.168.1.100). The default route is set to 0.0.0.0. Without ipsec the connection works fine.

b. The laptop is running 5.2.1-RELEASE.

I remember reading there were some outstanding issues with ipsec under 5.x, could they be responsible for this problem?

Cheers,

--
Jon