From owner-freebsd-net Mon Apr 8 11:21:15 2002
Delivered-To: freebsd-net@freebsd.org
Received: from artemis.drwilco.net (diana.drwilco.net [66.48.127.79]) by hub.freebsd.org (Postfix) with ESMTP id 384A537B405 for ; Mon, 8 Apr 2002 11:20:58 -0700 (PDT)
Received: from ceres.drwilco.net (docwilco.xs4all.nl [213.84.68.230]) by artemis.drwilco.net (8.11.6/8.11.6) with ESMTP id g38IKHx15522 (using TLSv1/SSLv3 with cipher DES-CBC3-SHA (168 bits) verified NO); Mon, 8 Apr 2002 14:20:19 -0400 (EDT) (envelope-from drwilco@drwilco.net)
Message-Id: <5.1.0.14.0.20020408202757.01cac470@mail.drwilco.net>
X-Sender: lists@mail.drwilco.net
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Mon, 08 Apr 2002 20:32:50 +0200
To: mgt@hytekblue.com, freebsd-net@FreeBSD.ORG
From: "Rogier R. Mulhuijzen"
Subject: Re: IPsec tunnel mode
In-Reply-To: <200204081807.NAA45347@cobalt.hytekblue.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

At 13:07 8-4-2002 -0500, Matthew wrote:
>check out this link... they were a great deal of help to me when I went
>to set up IPsec on FreeBSD...
>
> Best wishes
> Hytekblue
>
>http://www.x-itec.de/projects/tuts/ipsec-howto.txt

Unfortunately this howto, like any other mention of IPsec & tunneling on the net, uses the gif interface, which is IPoverIP, and this does not seem to match with IPsec tunnel devices. I quote the gif(4) manpage:

"For example, you cannot usually use gif to talk with IPsec devices that use IPsec tunnel mode."

The problem is I have to make a FreeBSD box at work talk with a Firebox IPsec machine. I have set the machine up to use racoon & gif. Key exchange goes fine, but when we try to ping each other the packets go over the wire and arrive at the other machine, but neither side seems to want to receive them.

Any ideas?

Doc