Date: Tue, 14 Nov 2000 14:18:30 -0500 (EST) From: Mike <mikey@kappaisle.com> To: Mike Tancsa <mike@sentex.net> Cc: freebsd-net@freebsd.org Subject: Re: VPN over PPPoE (racoon at fault?) Message-ID: <Pine.BSF.4.21.0011141404280.92064-100000@greencreek.kappaisle.com> In-Reply-To: <mcg11tscg1muv0kl3n46ojldqbjid4ruql@4ax.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Mike, I had the same experience here as well. Racoon doesn't seem to like PPPoE for some reason... Mike On Tue, 14 Nov 2000, Mike Tancsa wrote: > On 9 Nov 2000 17:01:58 -0500, in sentex.lists.freebsd.net you wrote: > > >Hi all, > > > >Has anyone ever successfully configured VPN (using IPSec protocol) over > >PPPoE connection? I have 1 VPN configured over 2 locations with T1 > >connections without any problem (using the KAME IPSec on FreeBSD > >4.1.1). However, when I tried the same configuration with the 3rd > >location running DSL, it seems the IPSec packets can't reach out via tun0 > >device. > > I can do it with manual keying, but not with racoon. Both transport and > tunnel mode work for me, but neither works with racoon. NAT is a bit > tricky, but then again with tunnel mode, it doesnt really matter. > > > One end is > 4.2-BETA FreeBSD 4.2-BETA #0: Mon Nov 13 13:52:46 EST 2000 > other is > 4.2-BETA FreeBSD 4.2-BETA #0: Sun Nov 5 18:25:14 EST 2000 > > This is via the same sort of DSL you are using i.e. Bell Nexxia type stuff > through a Redback etc... > > I havent had time to send a note to the KAME folk, but when using racoon on > DSL, I get these sorts of log entries that I dont normally get > > 2000-11-13 23:46:29: isakmp_agg.c:927:agg_r2recv(): > real.addr.totally-diff-subnet.1 ignore the packet, received unexpecting > payload type 1. > 2000-11-13 23:46:10: isakmp_inf.c:177:isakmp_info_recv(): > real.addr.totally-diff-subnet.1 ignore the packet, received unexpecting > payload type 89. > 2000-11-13 23:52:37: isakmp_inf.c:177:isakmp_info_recv(): > real.addr.totally-diff-subnet.4 ignore the packet, received unexpecting > payload type 187. > > ---Mike > Mike Tancsa (mdtancsa@sentex.net) > Sentex Communications Corp, > Waterloo, Ontario, Canada > "Given enough time, 100 monkeys on 100 routers > could setup a national IP network." (KDW2) > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0011141404280.92064-100000>