From: misha saf
Delivered-To: freebsd-questions@freebsd.org
Date: Tue, 20 May 2008 11:35:52 +0400
Message-Id: <477934569.1211268952.61777256.49341@mcgi65.rambler.ru>
Subject: exclude network from ipsec

Good day.

I have a problem with ipsec, established between two networks:

10.11.0.0/16, D-Link DFL-210. LAN IP - 10.11.3.1
10.11.56.0/16, FreeBSD 6.3. LAN IP - 10.11.56.1

/etc/ipsec.conf

    flush;
    spdflush;
    spdadd 10.11.56.0/24 10.11.0.0/16 any -P out ipsec esp/tunnel/xx.xx.xx.xx-yy.yy.yy.yy/require;
    spdadd 10.11.0.0/16 10.11.56.0/24 any -P in ipsec esp/tunnel/yy.yy.yy.yy-xx.xx.xx.xx/require;

Routing table

    10.11/16       yy.yy.yy.yy   UGS   3222382   3223301   vlan0
    10.11.56/24    link#1        UC          0         0   rl0

The tunnel is established and works fine, but queries from 10.11.56.0/24 to 10.11.56.1 are sent through the ipsec tunnel. I can't ping 10.11.56.1 even locally from the router.

Is there a way to send queries from 10.11.56.0 to several networks from 10.11.0.0/24 (10.11.56.0/24, 10.11.57.0/24 for example) without ipsec?
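
The selector overlap behind the symptom described above, as an added example that is not part of the original message: 10.11.56.0/24 lies inside 10.11.0.0/16, so LAN-local packets match both posted policies. Assumptions: the SPD is modelled as an ordered list where the first matching entry wins (a simplification), the `none` bypass entries and the host 10.11.56.20 are constructed for illustration, and the tunnel endpoints stay as the post's placeholders.

```python
import ipaddress

# The two policies from the post (endpoints left as the post's placeholders).
POSTED = """
spdadd 10.11.56.0/24 10.11.0.0/16 any -P out ipsec esp/tunnel/xx.xx.xx.xx-yy.yy.yy.yy/require;
spdadd 10.11.0.0/16 10.11.56.0/24 any -P in ipsec esp/tunnel/yy.yy.yy.yy-xx.xx.xx.xx/require;
"""
# Constructed for illustration: bypass ("none") entries for LAN-local traffic,
# listed ahead of the tunnel policies.
BYPASS = """
spdadd 10.11.56.0/24 10.11.56.0/24 any -P out none;
spdadd 10.11.56.0/24 10.11.56.0/24 any -P in none;
"""

def parse_spd(text):
    """Parse 'spdadd SRC DST PROTO -P DIR ACTION [spec];' statements, keeping order."""
    entries = []
    for stmt in text.split(";"):
        tok = stmt.split()
        if len(tok) < 7 or tok[0] != "spdadd" or tok[4] != "-P":
            continue  # skips flush, spdflush and blank statements
        entries.append({
            "src": ipaddress.ip_network(tok[1], strict=False),
            "dst": ipaddress.ip_network(tok[2], strict=False),
            "dir": tok[5],
            "action": tok[6],
        })
    return entries

def lookup(entries, src, dst, direction):
    """Return the action of the first entry whose selectors cover the packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for e in entries:
        if e["dir"] == direction and s in e["src"] and d in e["dst"]:
            return e["action"]
    return "no-policy"  # nothing matched: the packet is handled without IPsec

if __name__ == "__main__":
    packets = [("10.11.56.20", "10.11.56.1", "in"),   # LAN host -> router
               ("10.11.56.1", "10.11.56.20", "out"),  # router -> LAN host
               ("10.11.56.20", "10.11.3.1", "out")]   # LAN host -> remote site
    for name, conf in (("posted", POSTED), ("bypass first", BYPASS + POSTED)):
        spd = parse_spd(conf)
        for src, dst, direction in packets:
            print(f"{name:13} {direction:3} {src} -> {dst}: {lookup(spd, src, dst, direction)}")
```

With only the posted policies, cleartext LAN traffic to and from 10.11.56.1 falls under the `require` tunnel policies in both directions; with the bypass entries first, only traffic for the rest of 10.11.0.0/16 does.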