Date: Thu, 19 Apr 2001 16:47:48 -0500
From: Scott Johnson <sjohn@airlinksys.com>
To: freebsd-security@freebsd.org
Subject: IPSEC tunnel
Message-ID: <20010419164748.A93102@ns2.airlinksys.com>
I have an IPSEC tunnel running between two FreeBSD gateways. The tunnel
itself is a UDP tunnel created by vtun, so that I can traverse a NAT
between the gateways which doesn't understand IP tunnels. I have SPD
entries on both gateways directing traffic from one net to the other to be
tunneled through tun0, and the SAD entries are handled by racoon
(listening on the tunnel interfaces) using X.509 certificates. It works
fine except for the fact that neither of the nets can reach the opposite
gateway. The gateway will reach the opposite net, for example with an ICMP
ping or a TCP SYN, but the reply, though sent by the host and forwarded
by the first gateway through the tunnel, where you can see it received by
the tunnel interface in IPSEC-encapsulated form, is never received by the
application. It seems to me this SHOULD be working. How would I debug
this?
--
Scott Johnson
System/Network Administrator
Airlink Systems
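For readers unfamiliar with the setup described above, here is what the net-to-net SPD entries on one of the two gateways look like in setkey(8) syntax. This is an added illustration, not Scott's configuration; the networks (10.1.0.0/24 behind gateway A, 10.2.0.0/24 behind gateway B) and the tun0 endpoint addresses (192.168.100.1 and 192.168.100.2) are constructed placeholders. Note that these selectors match only packets whose source and destination both fall inside the two networks; a packet to or from a gateway's own address matches neither line and is left unprotected unless a separate policy covers it.

```conf
# Constructed example for gateway A (tun0 = 192.168.100.1, peer tun0 = 192.168.100.2).
# Load with: setkey -f <this file>.  Gateway B uses the mirror image.

# Flush existing policies so stale entries do not shadow these.
spdflush;

# Outbound: anything from net A to net B is ESP-tunnelled between the tun0 endpoints.
spdadd 10.1.0.0/24 10.2.0.0/24 any -P out ipsec
    esp/tunnel/192.168.100.1-192.168.100.2/require;

# Inbound: anything from net B to net A must arrive ESP-tunnelled from the peer.
spdadd 10.2.0.0/24 10.1.0.0/24 any -P in ipsec
    esp/tunnel/192.168.100.2-192.168.100.1/require;

# Nothing above covers traffic whose source or destination is a gateway's own
# address (for example 192.168.100.1 itself); such flows need their own spdadd.
# SAs are negotiated by racoon listening on the tun0 addresses, so no 'add' lines here.
```

Inspect the resulting policies with `setkey -DP` and the negotiated SAs with `setkey -D`; a flow that shows no matching policy in `setkey -DP` is sent or accepted in the clear rather than through the tunnel.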
