From owner-freebsd-security Thu Apr 19 14:47:53 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mailhub.airlinksys.com (mailhub.airlinksys.com [216.70.12.6]) by hub.freebsd.org (Postfix) with ESMTP id 8344537B422 for ; Thu, 19 Apr 2001 14:47:50 -0700 (PDT) (envelope-from sjohn@airlinksys.com)
Received: from sjohn.airlinksys.com (unknown [216.70.12.7]) by mailhub.airlinksys.com (Postfix) with ESMTP id 7A67353501 for ; Thu, 19 Apr 2001 16:47:49 -0500 (CDT)
Received: by sjohn.airlinksys.com (Postfix, from userid 1000) id 839295E6A; Thu, 19 Apr 2001 16:47:48 -0500 (CDT)
Date: Thu, 19 Apr 2001 16:47:48 -0500
From: Scott Johnson
To: freebsd-security@freebsd.org
Subject: IPSEC tunnel
Message-ID: <20010419164748.A93102@ns2.airlinksys.com>
Reply-To: Scott Johnson
Mail-Followup-To: freebsd-security@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I have an IPSEC tunnel running between two FreeBSD gateways. The tunnel itself is a UDP tunnel created by vtun, so that I can traverse a NAT between the gateways which doesn't understand IP tunnels. I have SPD entries on both gateways directing traffic from one net to the other to be tunneled through tun0, and the SAD entries are handled by racoon (listening on the tunnel interfaces) using X.509 certificates.

It works fine except for the fact that neither of the nets can reach the opposite gateway. The gateway will reach the opposite net, for example with an ICMP ping or a TCP SYN, but the reply, though sent by the host and forwarded by the first gateway through the tunnel, where you can see it received by the tunnel interface in IPSEC-encapsulated form, is never received by the application.

It seems to me this SHOULD be working. How would I debug this?
--
Scott Johnson
System/Network Administrator
Airlink Systems
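The post describes net-to-net SPD entries on both gateways and a flow (gateway to remote host, and its reply) that fails while host-to-host traffic works. The first thing a practitioner checks in that situation is whether every leg of the flow actually has a matching SPD selector on the gateway that handles it: outbound on the near gateway, inbound on the far gateway, outbound again for the reply, inbound again at home. The script below is an added example, not code from the post or from the KAME/FreeBSD tools; it parses setkey(8) `spdadd` lines and traces those four lookups for a given flow. The gateway addresses, subnets and policies are constructed for the example, and which source address a gateway picks for its own traffic is an assumption here, not something the post states. The asymmetric case (the far gateway covers the near gateway's WAN address, the near gateway does not) is included because it produces exactly the symptom of a reply that is encapsulated on the way back but has no inbound policy to match at home.

```python
import ipaddress
import re

# Constructed sample policies, in setkey(8) spdadd syntax, for two hypothetical
# gateways.  Addresses are made up for this example.  Net A = 10.1.0.0/24 sits
# behind gateway A (WAN 203.0.113.10, tun0 192.168.255.1); net B = 10.2.0.0/24
# sits behind gateway B (WAN 198.51.100.20, tun0 192.168.255.2).
GW_A_SPD = """
spdadd 10.1.0.0/24 10.2.0.0/24 any -P out ipsec esp/tunnel/192.168.255.1-192.168.255.2/require;
spdadd 10.2.0.0/24 10.1.0.0/24 any -P in  ipsec esp/tunnel/192.168.255.2-192.168.255.1/require;
"""

# Gateway B additionally covers gateway A's WAN address; gateway A has no
# matching entries for it.  That asymmetry is what the check is meant to find.
GW_B_SPD = """
spdadd 10.2.0.0/24 10.1.0.0/24 any -P out ipsec esp/tunnel/192.168.255.2-192.168.255.1/require;
spdadd 10.1.0.0/24 10.2.0.0/24 any -P in  ipsec esp/tunnel/192.168.255.1-192.168.255.2/require;
spdadd 10.2.0.0/24 203.0.113.10/32 any -P out ipsec esp/tunnel/192.168.255.2-192.168.255.1/require;
spdadd 203.0.113.10/32 10.2.0.0/24 any -P in  ipsec esp/tunnel/192.168.255.1-192.168.255.2/require;
"""

# spdadd <src> <dst> <upperspec> -P <dir> <action> [<ipsec request>] ;
SPDADD_RE = re.compile(
    r"spdadd\s+(\S+)\s+(\S+)\s+(\S+)\s+-P\s+(in|out)\s+(\S+)(?:\s+(\S+))?\s*;"
)


def parse_spd(text):
    """Parse spdadd lines into policy dicts.  Address selectors, direction,
    action and the IPsec request string are kept; an upper-layer selector
    other than 'any' is recorded but not evaluated by match_policy()."""
    policies = []
    for m in SPDADD_RE.finditer(text):
        src, dst, upper, direction, action, request = m.groups()
        policies.append({
            "src": ipaddress.ip_network(src, strict=False),
            "dst": ipaddress.ip_network(dst, strict=False),
            "upper": upper,
            "dir": direction,
            "action": action,
            "request": request,
        })
    return policies


def match_policy(policies, src, dst, direction):
    """Return the first policy (file order) whose selectors cover src->dst
    in the given direction, or None if no entry matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:
        if p["dir"] == direction and s in p["src"] and d in p["dst"]:
            return p
    return None


LEGS = ("request_out_near", "request_in_far", "reply_out_far", "reply_in_near")


def trace_flow(src, dst, near_spd, far_spd):
    """The four SPD lookups a request src->dst and its reply go through:
    out at the near gateway, in at the far gateway, out at the far gateway
    for the reply, in at the near gateway for the reply."""
    return {
        "request_out_near": match_policy(near_spd, src, dst, "out"),
        "request_in_far": match_policy(far_spd, src, dst, "in"),
        "reply_out_far": match_policy(far_spd, dst, src, "out"),
        "reply_in_near": match_policy(near_spd, dst, src, "in"),
    }


def uncovered_legs(trace):
    """Legs with no matching policy; the kernel's default handling for
    unmatched traffic applies there, which is rarely what was intended."""
    return [leg for leg in LEGS if trace[leg] is None]


def report(label, src, dst, near_spd, far_spd):
    """Print the per-leg result for one flow and return the trace."""
    trace = trace_flow(src, dst, near_spd, far_spd)
    print(f"{label}: {src} -> {dst}")
    for leg in LEGS:
        p = trace[leg]
        desc = (f"{p['src']} -> {p['dst']} {p['action']} {p['request'] or ''}"
                if p else "NO MATCHING POLICY")
        print(f"  {leg:17s} {desc}")
    return trace


if __name__ == "__main__":
    a, b = parse_spd(GW_A_SPD), parse_spd(GW_B_SPD)
    report("host to host", "10.1.0.5", "10.2.0.7", a, b)
    report("gateway A (LAN address) to host", "10.1.0.1", "10.2.0.7", a, b)
    report("gateway A (WAN address) to host", "203.0.113.10", "10.2.0.7", a, b)
```

On a real gateway the policies would come from `setkey -DP` rather than a string literal, and the source address to test is whatever the gateway's routing table selects for the remote net, which is why the script accepts the address explicitly instead of guessing it.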