From owner-freebsd-net  Mon Apr  8 11:21:15 2002
Delivered-To: freebsd-net@freebsd.org
Received: from artemis.drwilco.net (diana.drwilco.net [66.48.127.79])
	by hub.freebsd.org (Postfix) with ESMTP id 384A537B405
	for <freebsd-net@FreeBSD.ORG>; Mon,  8 Apr 2002 11:20:58 -0700 (PDT)
Received: from ceres.drwilco.net (docwilco.xs4all.nl [213.84.68.230])
	by artemis.drwilco.net (8.11.6/8.11.6) with ESMTP id g38IKHx15522
	(using TLSv1/SSLv3 with cipher DES-CBC3-SHA (168 bits) verified NO);
	Mon, 8 Apr 2002 14:20:19 -0400 (EDT)
	(envelope-from drwilco@drwilco.net)
Message-Id: <5.1.0.14.0.20020408202757.01cac470@mail.drwilco.net>
X-Sender: lists@mail.drwilco.net
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Mon, 08 Apr 2002 20:32:50 +0200
To: mgt@hytekblue.com, freebsd-net@FreeBSD.ORG
From: "Rogier R. Mulhuijzen" <drwilco@drwilco.net>
Subject: Re: IPsec tunnel mode
In-Reply-To: <200204081807.NAA45347@cobalt.hytekblue.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

At 13:07 8-4-2002 -0500, Matthew wrote:

>check out this link... they were a great deal of help to me when i went
>to setup  ipsec on freebsd...
>
>    Best wishes
>      Hytekblue
>
>http://www.x-itec.de/projects/tuts/ipsec-howto.txt

Unfortunately this howto, like any other mention of IPsec & tunneling on 
the net uses the gif interface. Which is IPoverIP, and this does not seem 
to match with  IPsec tunnel devices.

I quote the gif(4) manpage:

"For example, you cannot usually use gif to talk with IPsec devices that 
use IPsec tunnel mode."

The problem is I have to make a FreeBSD box at work talk with a Firebox 
IPsec machine. I have set the machine up to use racoon & gif. Key exchange 
goes fine, but when we try to ping eachother the packets go over the wire 
and arrive at the other machine but neither side seems to want to receive them.

Any ideas?

         Doc


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message