From: Oleg Baranov
Date: Tue, 01 Dec 2009 01:25:55 +0300
To: Andrea Venturoli
Cc: freebsd-net@freebsd.org
Subject: Re: Connecting to a WatchGuard box
Message-ID: <4B144673.9000403@csa.ru>
In-Reply-To: <4B143C6E.3030609@netfence.it>

Hi!

I've been working with Watchguard 8.3 & 9.0 for some time. In general it was fine but we've suffered connection recovery problems after ISP blackouts from time to time.
Here is my section of racoon.conf

remote a.b.c.d {
        exchange_mode main;
        lifetime time 8 hour;   # sec,min,hour
        my_identifier fqdn "my.dom.ain";
        peers_identifier fqdn "watchguard.fw.dn";
        initial_contact on;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 1;
        }
        proposal_check obey;
}

Setkey and PSK file records are standard as well as gif interfaces setup.
On Watchguard it was Branch Office Gateway and tunnel set up according to the parameters above...

Andrea Venturoli wrote:
> Hello.
> A customer of mine was connecting to a remote WatchGuard box through
> their Mobile VPN client.
> Now I'd like the server to take over that and let the whole network
> connect.
>
> Did anyone ever succeed in this? Is it possible?
> Should be IPSEC, but does anyone have a how-to?
>
> bye & Thanks
> av.
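Added example, not part of the message above or of racoon itself: a small Python check that reads the phase 1 `proposal` blocks of each `remote` section in a racoon.conf and reports parameters below an assumed baseline. The `LEGACY` sets, the second peer `192.0.2.10` and the function names are assumptions made for this illustration.

```python
import re

# Constructed sample: the proposal from the message above plus a second,
# hypothetical peer (192.0.2.10) with stronger phase 1 parameters.
SAMPLE = """
remote a.b.c.d {
    proposal { encryption_algorithm 3des; hash_algorithm sha1;
               authentication_method pre_shared_key; dh_group 1; }
    proposal_check obey;
}
remote 192.0.2.10 {
    proposal { encryption_algorithm aes; hash_algorithm sha256;
               authentication_method pre_shared_key; dh_group 14; }
}
"""

# Assumed baseline for this example only (not a racoon or WatchGuard default).
LEGACY = {
    "encryption_algorithm": {"des", "3des"},
    "hash_algorithm": {"md5", "sha1"},
    "dh_group": {"1", "2", "5", "modp768", "modp1024", "modp1536"},
}

def block_after(text, start):
    """Return the body of the first brace block opening at or after start."""
    open_idx = text.index("{", start)
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError("unbalanced braces")

def audit(conf):
    """Return (peer, directive, value) for each legacy phase 1 setting."""
    conf = re.sub(r"#[^\n]*", "", conf)          # drop comments
    findings = []
    for remote in re.finditer(r"\bremote\s+([^\s{]+)", conf):
        body = block_after(conf, remote.end())
        for prop in re.finditer(r"\bproposal\s*\{", body):
            for stmt in block_after(body, prop.start()).split(";"):
                words = stmt.split()
                if len(words) == 2 and words[1] in LEGACY.get(words[0], ()):
                    findings.append((remote.group(1), words[0], words[1]))
    return findings

if __name__ == "__main__":
    for peer, directive, value in audit(SAMPLE):
        print(f"{peer}: {directive} {value} is below the assumed baseline")
```

Any change to a flagged value has to be mirrored in the phase 1 settings on the WatchGuard side, because both peers must agree on the proposal.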