From: JINMEI Tatuya
To: Muhammad Reza
Cc: freebsd-net@freebsd.org
Date: Tue, 25 May 2004 11:38:13 +0900
Subject: Re: vpn over ipsec question
In-Reply-To: <40B15C50.2030201@mra.co.id>
Organization: Research & Development Center, Toshiba Corp., Kawasaki, Japan.

>>>>> On Mon, 24 May 2004 09:22:08 +0700,
>>>>> Muhammad Reza said:

> I try to configure vpn over ipsec between two FreeBSD (4.10PRERELEASE
> and 5.1.p17) gateways.
> My guidelines are from the FreeBSD handbook.
> Tunneling works fine with the gifconfig command; I can ping each internal
> interface from both side gateways.
> The problem is when I try to secure the link with the setkey command
> (setkey -f /etc/ipsec.conf), I can no longer establish a connection
> between the internal interfaces (ping time out).
> Please help me regarding this problem

Please provide more detailed information if you want to get useful
advice. At least the content of ipsec.conf is necessary. Perhaps it
contains "real" secret keys you want to hide. If so, first try the
same configuration with temporary keys like "foobarbaz", and report
the problem again (if it happens) with the full details of ipsec.conf
and the temporary keys.

Another nit: you may also want to ask the question at
snap-users@kame.net if you still cannot get an answer here.

					JINMEI, Tatuya
					Communication Platform Lab.
					Corporate R&D Center, Toshiba Corp.
					jinmei@isl.rdc.toshiba.co.jp