Date: Tue, 20 Jun 2006 11:17:14 +1000 From: Michael Vince <mv@thebeastie.org> To: Brian Candler <B.Candler@pobox.com> Cc: net@freebsd.org Subject: Re: VPN with FAST_IPSEC and ipsec tools Message-ID: <44974C9A.7010004@thebeastie.org> In-Reply-To: <20060616122855.GA29279@uk.tiscali.com> References: <449228FA.50303@thebeastie.org> <20060616122855.GA29279@uk.tiscali.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Brian Candler wrote:
On Fri, Jun 16, 2006 at 01:43:54PM +1000, Michael Vince wrote:
I have setup the GRE tunneling and that is working fine doing pings and
tracerts when I disable ipsec and ipsec-tools, its just the encryption
side thats the problem.
Ah, I guess this means you're following the instructions in the FreeBSD
handbook, which last time I looked gave a most bizarre and unnecessary way
of setting up IPSEC (GIF tunneling running on top of IPSEC *tunnel* mode). I
raised it on this list before.
Most people are better off just setting up IPSEC tunnel mode. A few use GIF
running on top of IPSEC _transport_ mode (e.g. those running routing
protocols like OSPF over tunnels)
Regards,
Brian.
Yeah I did build it based on the Handbook howto on VPNs, I had no idea
it wasn't right.
Interestingly I have managed to get this type of setting going with
Checkpoint.
Mike
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44974C9A.7010004>