Date:      Fri, 6 Jul 2012 17:40:07 -0700
From:      Chris Benesch <chris.benesch@gmail.com>
To:        freebsd-net@freebsd.org
Subject:   Re: IPSec woes coming from OpenBSD to Free
Message-ID:  <CAPKwmM1s3Xuox80zqS9Tr%2B-8LJtf6u3Y5EXZw5G=keoDWjCA5A@mail.gmail.com>
In-Reply-To: <BABF8C57A778F04791343E5601659908236C45@cinip100ntsbs.irtnog.net>
References:  <CAPKwmM1heXCRviB5nQ-YCDYsTTLMa2UNDG4sAfj1xeeft63RNQ@mail.gmail.com> <BABF8C57A778F04791343E5601659908236C45@cinip100ntsbs.irtnog.net>

Yeah, the whole GIF interface thing seemed weird to me too.  I'm in much the
same situation: I'm connecting to a WatchGuard device, similar to the router
I guess you are hooking to.

I did get it to start trying to send, using the ping command.  Never
thought I had to kick start the data going to it to get it to connect, but
I guess I do.

So now I have another problem:

2012-07-07 00:16:02: INFO: initiate new phase 1 negotiation: 192.186.0.33[500]<=>my.rou.ter.ip[500]
2012-07-07 00:16:02: INFO: begin Identity Protection mode.
2012-07-07 00:16:02: DEBUG: new cookie:
dad1f78e51bb5b7e
2012-07-07 00:16:02: DEBUG: add payload of len 52, next type 13
2012-07-07 00:16:02: DEBUG: add payload of len 16, next type 0
2012-07-07 00:16:02: ERROR: *phase1 negotiation failed due to send error. dad1f78e51bb5b7e:0000000000000000*
2012-07-07 00:16:02: ERROR: failed to begin ipsec sa negotication.

I think I know what it is though, I recompiled the kernel with just option
IPSEC the first time and I got an error about unable to set a flag on the
rl0 interface, so I found out if you add option IPSEC_NAT_T in there the
error goes away.  So I am recompiling the kernel with just IPSEC.  I'll let
you know how it works after it's done.  It takes a while; it's an old Pentium
4 machine with 400 M of RAM and a laptop.  The AMD 6 core w/16 G RAM I hope
one day to set up to run FreeBSD will be much nicer.
