From owner-freebsd-net@FreeBSD.ORG Tue Jun 20 01:17:19 2006 Return-Path: X-Original-To: net@freebsd.org Delivered-To: freebsd-net@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9799B16A474 for ; Tue, 20 Jun 2006 01:17:19 +0000 (UTC) (envelope-from mv@thebeastie.org) Received: from p4.roq.com (ns1.ecoms.com [207.44.130.137]) by mx1.FreeBSD.org (Postfix) with ESMTP id 37BE443D49 for ; Tue, 20 Jun 2006 01:17:17 +0000 (GMT) (envelope-from mv@thebeastie.org) Received: from p4.roq.com (localhost.roq.com [127.0.0.1]) by p4.roq.com (Postfix) with ESMTP id AEA074CD73 for ; Tue, 20 Jun 2006 01:17:34 +0000 (GMT) Received: from vaulte.jumbuck.com (ppp166-27.static.internode.on.net [150.101.166.27]) by p4.roq.com (Postfix) with ESMTP id 53E174CD72 for ; Tue, 20 Jun 2006 01:17:34 +0000 (GMT) Received: from vaulte.jumbuck.com (localhost [127.0.0.1]) by vaulte.jumbuck.com (Postfix) with ESMTP id 47C348A046; Tue, 20 Jun 2006 11:17:15 +1000 (EST) Received: from [192.168.46.102] (unknown [192.168.46.250]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by vaulte.jumbuck.com (Postfix) with ESMTP id 333C18A037; Tue, 20 Jun 2006 11:17:15 +1000 (EST) Message-ID: <44974C9A.7010004@thebeastie.org> Date: Tue, 20 Jun 2006 11:17:14 +1000 From: Michael Vince User-Agent: Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.7.12) Gecko/20060404 X-Accept-Language: en-us, en To: Brian Candler References: <449228FA.50303@thebeastie.org> <20060616122855.GA29279@uk.tiscali.com> In-Reply-To: <20060616122855.GA29279@uk.tiscali.com> Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV using ClamSMTP X-Virus-Scanned: ClamAV using ClamSMTP MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: net@freebsd.org Subject: Re: VPN with FAST_IPSEC and ipsec tools X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Jun 2006 01:17:19 -0000 Brian Candler wrote: On Fri, Jun 16, 2006 at 01:43:54PM +1000, Michael Vince wrote: I have setup the GRE tunneling and that is working fine doing pings and tracerts when I disable ipsec and ipsec-tools, its just the encryption side thats the problem. Ah, I guess this means you're following the instructions in the FreeBSD handbook, which last time I looked gave a most bizarre and unnecessary way of setting up IPSEC (GIF tunneling running on top of IPSEC *tunnel* mode). I raised it on this list before. Most people are better off just setting up IPSEC tunnel mode. A few use GIF running on top of IPSEC _transport_ mode (e.g. those running routing protocols like OSPF over tunnels) Regards, Brian. Yeah I did build it based on the Handbook howto on VPNs, I had no idea it wasn't right. Interestingly I have managed to get this type of setting going with Checkpoint. Mike