Date: Thu, 26 Feb 2004 08:40:21 +0100 (MET)
From: Helge Oldach <helge.oldach@atosorigin.com>
To: steve@softgreen.co.uk (Steve Greenshaw)
Cc: freebsd-net@freebsd.org
Subject: Re: FreeBSD (Racoon) / Draytek Setup
Message-ID: <200402260740.IAA18872@galaxy.hbg.de.ao-srv.com>
In-Reply-To: <006d01c3fbf2$0b3b9f20$c832a8c0@SOFTGREEN> from Steve Greenshaw at "Feb 25, 2004 11:52:27 pm"

Steve Greenshaw:
>################
>spdadd 192.168.32.0/24 192.168.1.0/24 ipencap -P out ipsec
>esp/tunnel/AAA.AAA.AAA.AAA-BBB.BBB.BBB.BBB/require;
>spdadd 192.168.1.0/24 192.168.32.0/24 ipencap -P in ipsec
>esp/tunnel/BBB.BBB.BBB.BBB-AAA.AAA.AAA.AAA/require;
>################

Try using "any" instead of "ipencap". (AFAIK gif(4) implements "ipip" encapsulation ((protocol 94)) and not "ipip" ((protocol 4)). But this is just meaningless here as the gif interface just acts as a routing placeholder and doesn't actually transport traffic.)

The other thing you might want to try is using "unique" instead of "require". This is necessary for ESP tunnel mode against Cisco boxes, and probably will catch your case as well. Maybe someone can explain the difference between these two? The manpage isn't really verbose...

Regards,
Helge