From owner-freebsd-net Mon Nov 13 21:10: 5 2000
Delivered-To: freebsd-net@freebsd.org
Received: from smtp1.sentex.ca (smtp1.sentex.ca [199.212.134.4]) by hub.freebsd.org (Postfix) with ESMTP id 9382837B479 for ; Mon, 13 Nov 2000 21:10:00 -0800 (PST)
Received: from chimp.simianscience.com (cage.simianscience.com [64.7.134.1]) by smtp1.sentex.ca (8.11.0/8.11.0) with SMTP id eAE59Rx44585; Tue, 14 Nov 2000 00:09:27 -0500 (EST)
From: Mike Tancsa
To: mikey@kappaisle.com (Mike)
Cc: freebsd-net@freebsd.org
Subject: Re: VPN over PPPoE (racoon at fault?)
Date: Tue, 14 Nov 2000 00:09:27 -0500
Message-ID:
References:
In-Reply-To:
X-Mailer: Forte Agent 1.8/32.548
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 9 Nov 2000 17:01:58 -0500, in sentex.lists.freebsd.net you wrote:

>Hi all,
>
>Has anyone ever successfully configured VPN (using IPSec protocol) over
>PPPoE connection? I have 1 VPN configured over 2 locations with T1
>connections without any problem (using the KAME IPSec on FreeBSD
>4.1.1). However, when I tried the same configuration with the 3rd
>location running DSL, it seems the IPSec packets can't reach out via tun0
>device.

I can do it with manual keying, but not with racoon. Both transport and
tunnel mode work for me, but neither works with racoon. NAT is a bit
tricky, but then again with tunnel mode, it doesn't really matter.

One end is
4.2-BETA FreeBSD 4.2-BETA #0: Mon Nov 13 13:52:46 EST 2000
other is
4.2-BETA FreeBSD 4.2-BETA #0: Sun Nov 5 18:25:14 EST 2000

This is via the same sort of DSL you are using, i.e. Bell Nexxia type
stuff through a Redback etc...

I haven't had time to send a note to the KAME folk, but when using racoon
on DSL, I get these sorts of log entries that I don't normally get:

2000-11-13 23:46:29: isakmp_agg.c:927:agg_r2recv(): real.addr.totally-diff-subnet.1 ignore the packet, received unexpecting payload type 1.
2000-11-13 23:46:10: isakmp_inf.c:177:isakmp_info_recv(): real.addr.totally-diff-subnet.1 ignore the packet, received unexpecting payload type 89.
2000-11-13 23:52:37: isakmp_inf.c:177:isakmp_info_recv(): real.addr.totally-diff-subnet.4 ignore the packet, received unexpecting payload type 187.

        ---Mike
Mike Tancsa (mdtancsa@sentex.net)
Sentex Communications Corp,
Waterloo, Ontario, Canada
"Given enough time, 100 monkeys on 100 routers
could setup a national IP network." (KDW2)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
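
Added example, not part of the original message: a Python sketch that parses racoon log lines in the format quoted above and classifies each reported payload type against the Next Payload table in RFC 2408, section 3.1. The function and variable names are hypothetical, and the sample input is the three posted entries, each rejoined onto one line.

```python
import re

# ISAKMP "Next Payload" values defined in RFC 2408, section 3.1.
ISAKMP_PAYLOADS = {
    0: "NONE", 1: "Security Association", 2: "Proposal", 3: "Transform",
    4: "Key Exchange", 5: "Identification", 6: "Certificate",
    7: "Certificate Request", 8: "Hash", 9: "Signature", 10: "Nonce",
    11: "Notification", 12: "Delete", 13: "Vendor ID",
}

# Matches the racoon log format quoted in the message (assumed stable).
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}): "
    r"(?P<src>[\w.]+):(?P<line>\d+):(?P<func>\w+)\(\): "
    r"(?P<peer>\S+) ignore the packet, "
    r"received unexpecting payload type (?P<ptype>\d+)\.$"
)

def classify(ptype):
    """Return (category, name) for an ISAKMP payload type number."""
    if ptype in ISAKMP_PAYLOADS:
        return "defined", ISAKMP_PAYLOADS[ptype]
    if 14 <= ptype <= 127:
        return "reserved", None
    if 128 <= ptype <= 255:
        return "private-use", None
    return "invalid", None

def triage(lines):
    """Parse matching log lines; lines in any other format are skipped."""
    out = []
    for raw in lines:
        m = LOG_RE.match(raw.strip())
        if not m:
            continue
        ptype = int(m["ptype"])
        category, name = classify(ptype)
        out.append({"ts": m["ts"], "func": m["func"], "peer": m["peer"],
                    "ptype": ptype, "category": category, "name": name})
    return out

# The three log entries from the message, one per line.
SAMPLE = """\
2000-11-13 23:46:29: isakmp_agg.c:927:agg_r2recv(): real.addr.totally-diff-subnet.1 ignore the packet, received unexpecting payload type 1.
2000-11-13 23:46:10: isakmp_inf.c:177:isakmp_info_recv(): real.addr.totally-diff-subnet.1 ignore the packet, received unexpecting payload type 89.
2000-11-13 23:52:37: isakmp_inf.c:177:isakmp_info_recv(): real.addr.totally-diff-subnet.4 ignore the packet, received unexpecting payload type 187.
""".splitlines()

if __name__ == "__main__":
    for rec in triage(SAMPLE):
        print(rec["ts"], rec["func"], rec["ptype"], rec["category"], rec["name"])
```

Of the three posted entries, type 1 is a defined payload (Security Association), while 89 and 187 fall in the reserved and private-use ranges.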