From: "Steve Greenshaw"
To: "Helge Oldach"
Cc: freebsd-net@freebsd.org
Date: Thu, 26 Feb 2004 11:11:34 -0000
Organization: SoftGreen Design Limited
Subject: Re: FreeBSD (Racoon) / Draytek Setup

Thanks. Works fine now when connecting from the Draytek ... getting a 'segmentation fault (cored dump)' from racoon when trying to initiate the connection from the FreeBSD box, but some more fine tuning may be required.

Thanks again.

Steve.

----- Original Message -----
From: "Helge Oldach"
To: "Steve Greenshaw"
Cc:
Sent: Thursday, February 26, 2004 7:40 AM
Subject: Re: FreeBSD (Racoon) / Draytek Setup

> Steve Greenshaw:
> >################
> >spdadd 192.168.32.0/24 192.168.1.0/24 ipencap -P out ipsec
> >esp/tunnel/AAA.AAA.AAA.AAA-BBB.BBB.BBB.BBB/require;
> >spdadd 192.168.1.0/24 192.168.32.0/24 ipencap -P in ipsec
> >esp/tunnel/BBB.BBB.BBB.BBB-AAA.AAA.AAA.AAA/require;
> >################
>
> Try using "any" instead of "ipencap". (AFAIK gif(4) implements "ipip"
> encapsulation ((protocol 94)) and not "ipip" ((protocol 4)). But this
> is just meaningless here as the gif interface just acts as a routing
> placeholder and doesn't actually transport traffic.)
>
> The other thing you might want to try is using "unique" instead of
> "require". This is necessary for ESP tunnel mode against Cisco boxes,
> and probably will catch your case as well.
>
> Maybe someone can explain the difference between these two? The manpage
> isn't really verbose...
>
> Regards,
> Helge
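
Helge's two suggestions applied to the policy quoted above, as an added example that is not part of the original thread. AAA.AAA.AAA.AAA and BBB.BBB.BBB.BBB are the thread's own placeholders for the two tunnel endpoints; the thread does not say which of the two changes Steve actually applied, so both are shown here.

```conf
# setkey(8) policy file (added example, not from the thread).
# Assumption: 192.168.32.0/24 is the FreeBSD-side LAN and 192.168.1.0/24
# is the Draytek-side LAN, as in the quoted policy.

# Change 1: upper-layer protocol "any" instead of "ipencap", so the
# policy selects all traffic between the two subnets rather than only
# IP-in-IP packets.
#
# Change 2: level "unique" instead of "require". setkey(8) describes
# "unique" as the same as "require", with the addition that the policy
# is bound to its own outbound SA instead of any SA that happens to match.

# Outbound: local LAN -> remote LAN, tunnelled from AAA to BBB.
spdadd 192.168.32.0/24 192.168.1.0/24 any -P out ipsec
    esp/tunnel/AAA.AAA.AAA.AAA-BBB.BBB.BBB.BBB/unique;

# Inbound: remote LAN -> local LAN, tunnelled from BBB to AAA.
# The endpoint order in the tunnel spec is reversed to match direction.
spdadd 192.168.1.0/24 192.168.32.0/24 any -P in ipsec
    esp/tunnel/BBB.BBB.BBB.BBB-AAA.AAA.AAA.AAA/unique;
```

After loading the file with `setkey -f`, `setkey -DP` lists the installed policies so the selector and level can be checked against what was intended.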