From: Baldur Gislason
To: freebsd-net@freebsd.org
Date: Tue, 22 Nov 2005 22:01:03 +0000
Subject: Re: Strange problem with IPSEC, not entirely transparent.

And another observation, sorry for flooding the list like this.
The 4.11 box is compiled with IPSEC_DEBUG but the 5.4 box isn't.

Baldur

On Tue, Nov 22, 2005 at 09:57:24PM +0000, Baldur Gislason wrote:
> Adding:
> If I kill spmd on the 5.4 box, then all works fine but the comms are only encrypted in one direction.
>
> Baldur
>
> On Tue, Nov 22, 2005 at 09:52:53PM +0000, Baldur Gislason wrote:
> > I recently set up IPSEC communications between two hosts I have in different places.
> > One is FreeBSD 5.4-STABLE August 22. 2005. The other is 4.11-STABLE April 18th 2005.
> > I run a gif tunnel between them and routes for networks found on both sides are negotiated
> > by quagga using ospf.
> > the internet ips of the hosts are not listed as networks in ospfd.conf because that would
> > break the tunnel.
> >
> > Now, here's the problem. When I have spmd and iked running on both ends, and everything between
> > the hosts goes by IPSEC, comms over the tunnel work fine but I cannot connect to any TCP ports
> > on the 5.4 machine from the 4.10 machine.
> > I can connect from the 5.4 machine to the 4.10 machine though.
> > Both machines can ping each other, no problems there. And all comms that go through the gif0 tunnel
> > work.
> >
> > I tried flushing ipfw on both ends, no luck.
> > Any ideas?
> >
> > Baldur
> >
> > _______________________________________________
> > freebsd-net@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-net
> > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"