From owner-freebsd-questions@FreeBSD.ORG  Tue May 17 00:56:48 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 292FF16A4CE
	for <freebsd-questions@freebsd.org>;
	Tue, 17 May 2005 00:56:48 +0000 (GMT)
Received: from smarthost2.sentex.ca (smarthost2.sentex.ca [205.211.164.50])
	by mx1.FreeBSD.org (Postfix) with ESMTP id B724D43DCF
	for <freebsd-questions@freebsd.org>;
	Tue, 17 May 2005 00:56:47 +0000 (GMT)	(envelope-from mike@sentex.net)
Received: from BLUELAPIS.sentex.ca (cage.simianscience.com [64.7.134.1])
	by smarthost2.sentex.ca (8.13.3/8.13.3) with SMTP id j4H0ufd7058675;
	Mon, 16 May 2005 20:56:42 -0400 (EDT)
	(envelope-from mike@sentex.net)
From: Mike Tancsa <mike@sentex.net>
To: Daren Russell <darenr@end-design.co.uk>
Date: Mon, 16 May 2005 20:56:47 -0400
Message-ID: <23gi81pattnnan1rlv8uc0dva1ken5r8cj@4ax.com>
References: <d6a1fg$pf1$1@sea.gmane.org>
In-Reply-To: <d6a1fg$pf1$1@sea.gmane.org>
X-Mailer: Forte Agent 1.93/32.576 English (American)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
X-Virus-Scanned: ClamAV version 0.84, clamav-milter version 0.84e on
	smarthost2.sentex.ca
X-Virus-Status: Clean
cc: freebsd-questions@freebsd.org
Subject: Re: IPSec and Racoon between 5.4 and 4.11
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 17 May 2005 00:56:48 -0000

On Mon, 16 May 2005 12:51:50 +0100, in sentex.lists.freebsd.questions
you wrote:

>Hi,
>
>Has anybody got 5.4 <-> 4.11 talking in this config, or does anybody
>know of any pitfalls because of kernel changes?

There should not be any issues as I have 90+ RELENG4 boxes deployed
talking to a 5.4 server and a dozen RELENG_5 boxes talking to 2
RELENG_4 servers generally with out issue. The one thing we run into
from time to time is the issue of net.key.prefered_oldsa=3D1 on
=46AST_IPSEC on RELENG_4.  But other than that, it works.  What issues
are you running into ?  Did you enable debug logging in racoon ? What
state do the tunnels get to ? i.e what does setkey -D show ?

	---Mike
--------------------------------------------------------
Mike Tancsa, Sentex communications http://www.sentex.net
Providing Internet Access since 1994
mike@sentex.net, (http://www.tancsa.com)