Date:      Thu, 24 May 2001 13:15:59 -0700 (PDT)
From:      Matt Dillon <dillon@earth.backplane.com>
To:        "Brandt Everett" <everett@bentonrea.com>
Cc:        <freebsd-stable@FreeBSD.ORG>
Subject:   Re: FreeBSD and IPSEC
Message-ID:  <200105242015.f4OKFxH30464@earth.backplane.com>
References:   <004501c0e487$b8a14af0$632807d8@prosser.bentonrea.org>

:I have two remote offices.  I am running FreeBSD ver 4.0R on all three
:firewalls.  I would like to create two VPN between the remote offices and
:our HQ here.  I can create a VPN connection using the gif and
:esp/tunnel//require, without the racoon, but from time to time the remote
:offices lose communication with the HQ.  If I allow routing between the
:remote sites, without the VPN or encryption they work just fine.  There are
:some ipfw rules in place, but this happens even if I open the firewall up
:all the way.
:
:Does anyone have any suggestions for troubleshooting this?  Any ideas on
:where to continue looking for problems?  I'm not looking for answers (unless
:you got them) I'm looking for the next place to look.
:
:Brandt Everett

    I did an IPSEC tunnel once with the same problem.  It turned out that
    cyclic sequence numbers were not being allowed (I guess for security
    reasons).  Any sort of packet loss caused the VPN to stop working.
    Allowing cyclic sequence numbers fixed the problem.

    Unfortunately, this was a year ago so I don't have the config file
    to show you. I'm not sure where you specify it in the config.
    
						-Matt

