From owner-freebsd-current@FreeBSD.ORG  Mon Aug  9 13:07:16 2004
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1789416A4CE
	for <current@freebsd.org>; Mon,  9 Aug 2004 13:07:16 +0000 (GMT)
Received: from mailout02.sul.t-online.com (mailout02.sul.t-online.com
	[194.25.134.17])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A884C43D48
	for <current@freebsd.org>; Mon,  9 Aug 2004 13:07:15 +0000 (GMT)
	(envelope-from Alexander@Leidinger.net)
Received: from fwd05.aul.t-online.de 
	by mailout02.sul.t-online.com with smtp 
	id 1Bu9ru-0002Vj-04; Mon, 09 Aug 2004 15:07:14 +0200
Received: from Andro-Beta.Leidinger.net
	(SgQKO6ZAwe11+atIgQcNdXz40f6Y1mK8zKcY+dN8mkUyumGNSyjpYk@[217.229.208.124]) by
	fmrl05.sul.t-online.com
	with esmtp id 1Bu9rn-0aFyoi0; Mon, 9 Aug 2004 15:07:07 +0200
Received: from Magellan.Leidinger.net (Magellan.Leidinger.net [192.168.1.1])
	i79D7BlO033902;	Mon, 9 Aug 2004 15:07:11 +0200 (CEST)
	(envelope-from Alexander@Leidinger.net)
Date: Mon, 9 Aug 2004 15:07:54 +0200
From: Alexander Leidinger <Alexander@Leidinger.net>
To: Hannes Mehnert <hannes@mehnert.org>
Message-Id: <20040809150754.13ca108a@Magellan.Leidinger.net>
In-Reply-To: <20040809112700.GB659@mehnert.org>
References: <200408080622.i786Mnhe017474@www1.pochta.ru>
	<20040808132524.GB1033@mehnert.org>
	<20040808155623.2fa6fb4b@Magellan.Leidinger.net>
	<20040809112700.GB659@mehnert.org>
X-Mailer: Sylpheed-Claws 0.9.12 (GTK+ 1.2.10; i386-portbld-freebsd5.2)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-ID: SgQKO6ZAwe11+atIgQcNdXz40f6Y1mK8zKcY+dN8mkUyumGNSyjpYk@t-dialin.net
cc: current@freebsd.org
Subject: Re: IPSec + 5.2.current Problem
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Aug 2004 13:07:16 -0000

On Mon, 9 Aug 2004 13:27:00 +0200
Hannes Mehnert <hannes@mehnert.org> wrote:

> > So you're able to transfer data over the tunnel with IPSEC?
> 
> Yes, I'm able to transfer packets with IPSEC and IPSEC_ESP (just
> verified this). But I use FAST_IPSEC because i have a soekris vpn1411
> (http://www.soekris.com/vpn1401.htm).
> 
> I also had some problems with IPSEC and IPSEC_ESP, changing require
> to use in the policies fixed that. With require racoon was not able
> to initiate phase 1, because all non esp traffic was dropped.

I think this is a datapoint... I use a "require" policy too. ATM I can't
test with "use" instead.

Bye,
Alexander.

-- 
           I'm available to get hired (preferred in .lu).

http://www.Leidinger.net                       Alexander @ Leidinger.net
  GPG fingerprint = C518 BC70 E67F 143F BE91  3365 79E2 9C60 B006 3FE7