Date: Wed, 23 Jun 2010 10:58:31 +0200
From: VANHULLEBUS Yvan
To: ralf@dzie-ciuch.pl
Cc: freebsd-net@freebsd.org
Subject: Re: vpn trouble
Message-ID: <20100623085831.GA74559@zeninc.net>
List-Id: Networking and TCP/IP with FreeBSD

On Wed, Jun 23, 2010 at 10:52:19AM +0200, ralf@dzie-ciuch.pl wrote:
[....]
> When on one console I type tcpdump -i gif0 I don't receive any values!
> So I think I should set route do it right?
>
> Can you tell me how to do it?
>
> netstat -rn prints something like this:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            78.x.x.x           UGS         3 49544466   bce1
> 10.10.1.90         10.20.0.1          UH       2238    13439   gif0
>
> Is it OK, or am I doing something wrong?

Check with your peer's configuration, but using such extra IP-IP
encapsulation (via gif interfaces on FreeBSD) is NOT the usual way of
setting up IPsec tunnels....

If your peer expects usual IPsec setups, you should just have SPD
entries as specified in your very first mails.

Yvan.