From owner-freebsd-security  Sun Mar 11 20:50:16 2001
Delivered-To: freebsd-security@freebsd.org
Received: from smtprelay1.adelphia.net (smtprelay1.adelphia.net [64.8.25.6])
	by hub.freebsd.org (Postfix) with ESMTP
	id A58A837B719; Sun, 11 Mar 2001 20:50:09 -0800 (PST)
	(envelope-from packetwhore@stargate.net)
Received: from pa-westmifflin1a-385.pit.adelphia.net
          ([24.48.239.129]) by smtprelay1.adelphia.net (Netscape Messaging
          Server 4.15) with ESMTP id GA2IQX00.U4C; Sun, 11 Mar 2001 23:49:45 -0500 
Date: Sun, 11 Mar 2001 23:42:59 -0500 (EST)
From: pW <packetwhore@stargate.net>
X-X-Sender: <packetwhore@beastie>
To: Bob Van Valzah <Bob@Talarian.Com>
Cc: <FreeBSD-Security@FreeBSD.Org>, <FreeBSD-Questions@FreeBSD.Org>
Subject: Re: Racoon Problem & Cisco Tunnel
In-Reply-To: <3AAC52F4.1000602@Talarian.Com>
Message-ID: <Pine.BSF.4.32.0103112341130.11277-100000@beastie>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Out of curiosity...
do your DSL users have public static IPs? I work at an ISP and almost all
of our DSL customers have static private IPs and use NAT for public
ones... just wondering because you may have to enable some sort of NAT
transparency otherwise it may break the VPN...

just a thought...

shawn

On Sun, 11 Mar 2001, Bob Van Valzah wrote:

> I have several remote FreeBSD users who want to connect their home LANs
> to my trusted network over an IPSec tunnel via a DSL connection. I'd
> like my end of the tunnel to terminate on a Cisco if possible. (Though I
> do have many FreeBSD boxes handy, I just feel better when layer-2
> infrastructure doesn't depend on boxes with hard drives.) Any general
> advice on how to do this would be appreciated.
>
> As near as I can tell, I have to run racoon and configure it for
> pre-shared keys to talk to the cisco. But I don't think the racoon is
> even starting right. I get this message: "ERROR:
> pfkey.c:207:pfkey_handler(): pfkey X_SPDDUMP failed No such file or
> directory." Happens with the config files I've written and the stock
> ones. I'm running a freshly sup'd box with racoon-20010222a built from
> ports.
>
> All help and advice appreciated.
>
>    Thanks,
>
>    Bob
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message