Date:      Wed, 20 Nov 2002 08:51:55 -0500
From:      Scott Ullrich <sullrich@CRE8.COM>
To:        'Guido van Rooij' <guido@gvr.org>, Scott Ullrich <sullrich@CRE8.COM>
Cc:        'Archie Cobbs' <archie@dellroad.org>, David Kelly <dkelly@HiWAAY.net>, "'greg.panula@dolaninformation.com'" <greg.panula@dolaninformation.com>, FreeBSD-stable@FreeBSD.ORG
Subject:   RE: IPsec/gif VPN tunnel packets on wrong NIC in ipfw? SOLUTION AND QUESTIONS
Message-ID:  <2F6DCE1EFAB3BC418B5C324F13934C9601D23C7A@exchange.corp.cre8.com>

Guido,

Please do not take offense to my comment.  I was simply letting you know I
sent this to you yesterday.  

I sent 2 sets of outputs from the commands, the first time before switching
to transport mode from tunnel.  After switching I tried every rule variation
I could think of to no avail.

After looking at the below message, I cannot honestly see a difference
between the setkey -D -P commands besides the IPs that are in use.  Can you
elaborate a little?

Again, please do not take offense to my messages; it's very easy to take
email tone out of context.

-Scott


-----Original Message-----
From: Guido van Rooij [mailto:guido@gvr.org] 
Sent: Wednesday, November 20, 2002 8:37 AM
To: Scott Ullrich
Cc: 'Archie Cobbs'; David Kelly; 'greg.panula@dolaninformation.com';
FreeBSD-stable@FreeBSD.ORG
Subject: Re: IPsec/gif VPN tunnel packets on wrong NIC in ipfw? SOLUTION AND QUESTIONS


On Wed, Nov 20, 2002 at 08:33:45AM -0500, Scott Ullrich wrote:
> I sent this to you yesterday but here goes again....

Look here mister, I am trying to help you.
You keep telling me that things do not work, yet you refuse to read my
advice. I already told you EXACTLY what to do yesterday. And I told you
yesterday to use something other than this:

> 
> Bash# setkey -D -P
> 10.2.0.0/24[any] 10.1.0.0/24[any] any
>         in ipsec
>         esp/transport/10.0.250.11-10.0.250.10/require
>         spid=1 seq=1 pid=577
>         refcnt=1
> 10.1.0.0/24[any] 10.2.0.0/24[any] any
>         out ipsec
>         esp/transport/10.0.250.10-10.0.250.11/require
>         spid=2 seq=0 pid=577
>         refcnt=1

Use the following:


> 10.0.250.11/32[any] 10.0.250.10/32[any] any
>         in ipsec
>         esp/transport/10.0.250.11-10.0.250.10/require
>         spid=1 seq=1 pid=577
>         refcnt=1
> 10.0.250.10/32[any] 10.0.250.10/32[any] any
>         out ipsec
>         esp/transport/10.0.250.10-10.0.250.11/require
>         spid=2 seq=0 pid=577
>         refcnt=1


-Guido
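
The difference between the two `setkey -D -P` dumps quoted above, as an added example that is not part of the original messages: a transport-mode rule leaves the IP header unchanged, so its policy selector has to name the same two hosts as the rule's endpoints. The function names are hypothetical, and the dumps are copied from the thread as printed, trimmed to the selector, direction and rule lines.

```python
import ipaddress
import re

# First line of an SPD entry in `setkey -D -P` output: "src[port] dst[port] proto"
SELECTOR = re.compile(r"^(\S+?)\[\S+\]\s+(\S+?)\[\S+\]\s+\S+$")
# Rule line, e.g. "esp/transport/10.0.250.11-10.0.250.10/require"
RULE = re.compile(r"^(esp|ah|ipcomp)/(transport|tunnel)/([\d.]+)-([\d.]+)/\w+$")

# Dumps copied from the thread, trimmed to selector, direction and rule lines.
SUBNET_DUMP = """\
10.2.0.0/24[any] 10.1.0.0/24[any] any
        in ipsec
        esp/transport/10.0.250.11-10.0.250.10/require
10.1.0.0/24[any] 10.2.0.0/24[any] any
        out ipsec
        esp/transport/10.0.250.10-10.0.250.11/require
"""
HOST_DUMP = """\
10.0.250.11/32[any] 10.0.250.10/32[any] any
        in ipsec
        esp/transport/10.0.250.11-10.0.250.10/require
10.0.250.10/32[any] 10.0.250.10/32[any] any
        out ipsec
        esp/transport/10.0.250.10-10.0.250.11/require
"""

def parse_spd(dump):
    """Return one dict per policy: selector plus the mode and endpoints of its rule."""
    policies = []
    for raw in dump.splitlines():
        line = raw.strip()
        m = SELECTOR.match(line)
        if m:
            policies.append({"src": m.group(1), "dst": m.group(2)})
            continue
        m = RULE.match(line)
        if m and policies:
            policies[-1].update(mode=m.group(2), ep_src=m.group(3), ep_dst=m.group(4))
    return policies

def transport_mismatches(dump):
    """Selectors of transport-mode policies that are not exactly the rule's two hosts."""
    net = ipaddress.ip_network  # "10.0.250.11" parses as 10.0.250.11/32
    bad = []
    for p in parse_spd(dump):
        if p.get("mode") == "transport" and (net(p["src"]), net(p["dst"])) != (net(p["ep_src"]), net(p["ep_dst"])):
            bad.append((p["src"], p["dst"]))
    return bad
```

Both subnet selectors in the first dump are reported. In the second dump the inbound entry passes, and the outbound entry as printed is reported because its selector has 10.0.250.10 on both sides while its rule ends at 10.0.250.11.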
