From: Michael Vince
Date: Tue, 27 Jun 2006 16:30:17 +1000
To: David DeSimone
Cc: freebsd-net@freebsd.org
Subject: Re: VPN with FAST_IPSEC and ipsec tools

David DeSimone wrote:

>- --
>David DeSimone == Network Admin == fox@verio.net

I got it going! It's working like a dream now.

I don't have a for sure reason why it wasn't working, but my best guess is it was one that actually boiled down to a silly mistake as you suggested. I feel quite silly, as it appears after some testing that what was holding it back was simply failing to reload the ipsec rules properly.

Most if not all the time I was doing /etc/rc.d/ipsec restart, when I should have been either using setkey manually or /etc/rc.d/ipsec reload. After looking at the ipsec shell, I see that the restart function doesn't have the same effect as 'reload'.

Personally I see this as a trap anyone could fall into.

Big thanks to you, as if you weren't there I probably would have given up earlier and had to replace the gateway with something else altogether.

Thanks,
Mike