From owner-freebsd-stable  Wed Nov 20  5:37:32 2002
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2A33037B408
	for <FreeBSD-stable@FreeBSD.ORG>; Wed, 20 Nov 2002 05:37:31 -0800 (PST)
Received: from gvr.gvr.org (gvr.gvr.org [212.61.40.17])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1B3D743E91
	for <FreeBSD-stable@FreeBSD.ORG>; Wed, 20 Nov 2002 05:37:29 -0800 (PST)
	(envelope-from guido@gvr.org)
Received: by gvr.gvr.org (Postfix, from userid 657)
	id 494792A7; Wed, 20 Nov 2002 14:37:23 +0100 (CET)
Date: Wed, 20 Nov 2002 14:37:23 +0100
From: Guido van Rooij <guido@gvr.org>
To: Scott Ullrich <sullrich@CRE8.COM>
Cc: 'Archie Cobbs' <archie@dellroad.org>,
	David Kelly <dkelly@HiWAAY.net>,
	"'greg.panula@dolaninformation.com'" <greg.panula@dolaninformation.com>,
	FreeBSD-stable@FreeBSD.ORG
Subject: Re: IPsec/gif VPN tunnel packets on wrong NIC in ipfw? SOLUTION A ND QUESTIONS
Message-ID: <20021120133722.GB74616@gvr.gvr.org>
References: <2F6DCE1EFAB3BC418B5C324F13934C9601D23C78@exchange.corp.cre8.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <2F6DCE1EFAB3BC418B5C324F13934C9601D23C78@exchange.corp.cre8.com>
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

On Wed, Nov 20, 2002 at 08:33:45AM -0500, Scott Ullrich wrote:
> I sent this to you yesterday but here goes again....

Look here mister, I am trying to help you.
You keep telling me that things do not work, yet you refuse to read
my advise. I already told you EXACTLY what to do yesterday.
And I told you yesterday to use something else as this:

> 
> Bash# setkey -D -P
> 10.2.0.0/24[any] 10.1.0.0/24[any] any
>         in ipsec
>         esp/transport/10.0.250.11-10.0.250.10/require
>         spid=1 seq=1 pid=577
>         refcnt=1
> 10.1.0.0/24[any] 10.2.0.0/24[any] any
>         out ipsec
>         esp/transport/10.0.250.10-10.0.250.11/require
>         spid=2 seq=0 pid=577
>         refcnt=1

Use the fllowing:


> 10.0.250.11/32[any] 10.0.250.10/32[any] any
>         in ipsec
>         esp/transport/10.0.250.11-10.0.250.10/require
>         spid=1 seq=1 pid=577
>         refcnt=1
> 10.0.250.10/32[any] 10.0.250.10/32[any] any
>         out ipsec
>         esp/transport/10.0.250.10-10.0.250.11/require
>         spid=2 seq=0 pid=577
>         refcnt=1


-Guido

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message