Date: Thu, 24 May 2001 15:57:20 -0700
From: "Brandt Everett" <everett@bentonrea.com>
To: "'Matt Dillon'" <dillon@earth.backplane.com>
Cc: <freebsd-stable@FreeBSD.ORG>
Subject: RE: FreeBSD and IPSEC
Message-ID: <004c01c0e4a4$e43fcd90$632807d8@prosser.bentonrea.org>
In-Reply-To: <200105242015.f4OKFxH30464@earth.backplane.com>

Ok, I see a switch for it on the setkey(8) man but I can't seem to get it to
take.  I keep getting an invalid argument. Here is the man page section:

     extensions
             takes some of the following:
             -m mode     Specify an security protocol mode for use.  By
                         default, any.  mode is one of following: transport,
                         tunnel or any.
             -r size     Specify window size of bytes for replay prevention.
                         size must be decimal number in 32-bit word.  If size
                         is zero or not specified, replay check don't take
                         place.
             -f pad_option
                         pad_option is one of following: zero-pad, random-pad
                         or seq-pad
             -f cyclic-seq
                         Allow cyclic sequence number.
             -lh time
             -ls time    Specify hard/soft lifetime.

add x.x.x.x y.y.y.y esp 9983 -m any -f cyclic-seq -E 3des-cbc "mysecret";
add y.y.y.y x.x.x.x esp 9984 -m any -f cyclic-seq -E 3des-cbc "mysecret";

Has something changed on this that I can't find the info on?

Brandt Everett
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
e-mail:  everett@bentonrea.com
webpage: www.bentonrea.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

> -----Original Message-----
> From: owner-freebsd-stable@FreeBSD.ORG
> [mailto:owner-freebsd-stable@FreeBSD.ORG]On Behalf Of Matt Dillon
> Sent: Thursday, May 24, 2001 1:16 PM
> To: Brandt Everett
> Cc: freebsd-stable@FreeBSD.ORG
> Subject: Re: FreeBSD and IPSEC
>
>
> :I have two remote offices.  I am running FreeBSD ver 4.0R on all three
> :firewalls.  I would like to create two VPNs between the remote offices and
> :our HQ here.  I can create a VPN connection using the gif and
> :esp/tunnel//require, without the racoon, but from time to time the remote
> :offices lose communication with the HQ.  If I allow routing between the
> :remote sites, without the VPN or encryption they work just fine.  There are
> :some ipfw rules in place, but this happens even if I open the firewall up
> :all the way.
> :
> :Does anyone have any suggestions for troubleshooting this?  Any ideas on
> :where to continue looking for problems?  I'm not looking for answers (unless
> :you got them) I'm looking for the next place to look.
> :
> :Brandt Everett
>
>     I did an IPSEC tunnel once with the same problem.  It turned out that
>     cyclic sequence numbers were not being allowed (I guess for security
>     reasons).  Any sort of packet loss caused the VPN to stop working.
>     Allowing cyclic sequence numbers fixed the problem.
>
>     Unfortunately, this was a year ago so I don't have the config file
>     to show you.  I'm not sure where you specify it in the config.
>
> 					-Matt

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
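
An added example, not part of the original message and not setkey's own code: a small Python linter that checks setkey "add" statements against the extension values in the man page excerpt quoted above. The key-length table is an assumption taken from the DES and 3DES cipher definitions rather than from the page, and the addresses and keys in SAMPLE are constructed.

```python
import shlex

# Extension values copied from the setkey(8) excerpt quoted in the message.
MODES = {"transport", "tunnel", "any"}
F_OPTIONS = {"zero-pad", "random-pad", "seq-pad", "cyclic-seq"}
# Assumption (not on the page): key sizes in bytes from the cipher definitions.
KEY_BYTES = {"des-cbc": 8, "3des-cbc": 24}
KNOWN_FLAGS = {"-m", "-f", "-r", "-lh", "-ls", "-E"}

def key_len(key):
    """Length in bytes of a key given as 0x-prefixed hex or as a string."""
    if key.lower().startswith("0x"):
        return (len(key) - 2) // 2
    return len(key.encode())

def lint_add(line):
    """Return a list of problems found in one setkey 'add' statement."""
    tok = shlex.split(line.strip().rstrip(";"))
    if len(tok) < 5 or tok[0] != "add":
        return ["expected: add src dst protocol spi [extensions] algorithm"]
    problems, i = [], 5
    while i < len(tok):
        flag = tok[i]
        if i + 1 >= len(tok):
            problems.append(f"{flag}: missing argument")
            break
        arg = tok[i + 1]
        if flag == "-m" and arg not in MODES:
            problems.append(f"-m {arg}: unknown mode")
        elif flag == "-f" and arg not in F_OPTIONS:
            problems.append(f"-f {arg}: unknown option")
        elif flag == "-r" and not arg.isdigit():
            problems.append(f"-r {arg}: size must be decimal")
        elif flag == "-E":
            key = tok[i + 2] if i + 2 < len(tok) else ""
            want = KEY_BYTES.get(arg)
            if want is not None and key_len(key) != want:
                problems.append(
                    f"-E {arg}: key is {key_len(key)} bytes, expected {want}")
            i += 1  # -E consumes both the algorithm name and the key
        elif flag not in KNOWN_FLAGS:
            problems.append(f"{flag}: flag not handled by this example")
        i += 2
    return problems

# Constructed sample statements (documentation addresses, made-up keys).
SAMPLE = [
    'add 192.0.2.1 198.51.100.1 esp 9983 -m any -f cyclic-seq -E 3des-cbc "mysecret";',
    'add 198.51.100.1 192.0.2.1 esp 9984 -m any -f cyclic-seq -E 3des-cbc "constructed-24-byte-key!";',
    'add 192.0.2.1 198.51.100.1 esp 9985 -m tunel -r 4 -E des-cbc 0x0123456789abcdef;',
]

if __name__ == "__main__":
    for stmt in SAMPLE:
        print(stmt, "->", lint_add(stmt) or "ok")
```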