Date: Tue, 6 Feb 2001 13:34:32 +1300
From: "Dan Langille" <dan@langille.org>
To: Volker Stolz <stolz@I2.Informatik.RWTH-Aachen.DE>
Cc: hackers@FreeBSD.ORG
Subject: Re: ping over IPSEC works in only one direction
Message-ID: <200102060015.f160FcE13503@ns1.unixathome.org>
In-Reply-To: <20010205173444.A229@agamemnon.informatik.rwth-aachen.de>
References: <200102051239.f15CdGE09532@ns1.unixathome.org>

On 5 Feb 2001, at 17:34, Volker Stolz wrote:

> In local.freebsd-hackers, you wrote:
> >spdadd 192.168.1.1 192.168.1.101 any -P out ipsec esp/transport//use ah/transport//use;
> >spdadd 192.168.1.101 192.168.1.1 any -P out ipsec esp/transport//use ah/transport//use;
>
> I can see no corresponding "... any -P in" rules. Did you forget them only
> in the posting? If not, this is likely to be a source of confusion.

Thanks. That was the problem.

I've been able to get most things working. However, when I involve NAT
some things break. I'm not using AH, just ESP. I can get ESP working
without NAT and have http, ping, going. No problems.

But if I try from an external box, involving NAT, ping works, but not
http. Not sure why. A tcpdump shows the incoming ESP requests, but
nothing going back out. I'm positive I have the keys correct as ping
works and tcpdump shows incoming ping request and outgoing ping replies.

Quite odd.

--
Dan Langille
pgpkey - finger dan@unixathome.org | http://unixathome.org/finger.php

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
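
The mismatch pointed out in the quoted reply (outbound policies with no matching "-P in" rule) can be checked mechanically before a policy file is loaded. The following is an added example, not code from the thread or from FreeBSD: the function names, the choice of 192.168.1.1 as the local host, the plain host addresses (no prefix or port) and the `FIXED` policy text are assumptions made for illustration.

```python
import re

# Matches: spdadd <src> <dst> <upperspec> -P <in|out> <policy...>;
SPDADD = re.compile(
    r"^\s*spdadd\s+(\S+)\s+(\S+)\s+(\S+)\s+-P\s+(in|out)\s+([^;]*);", re.M)

# The two policies as quoted in the thread.
AS_POSTED = """
spdadd 192.168.1.1 192.168.1.101 any -P out ipsec esp/transport//use ah/transport//use;
spdadd 192.168.1.101 192.168.1.1 any -P out ipsec esp/transport//use ah/transport//use;
"""

# Constructed for this example: same selectors, return direction marked "in".
FIXED = """
spdadd 192.168.1.1 192.168.1.101 any -P out ipsec esp/transport//use ah/transport//use;
spdadd 192.168.1.101 192.168.1.1 any -P in ipsec esp/transport//use ah/transport//use;
"""

def parse_policies(conf):
    """Return (src, dst, upperspec, direction, policy) for each spdadd line."""
    # Drop '#' comments first so commented-out rules are not counted.
    text = "\n".join(line.split("#", 1)[0] for line in conf.splitlines())
    return [m.groups() for m in SPDADD.finditer(text)]

def missing_inbound(conf, local_addr):
    """Outbound policies from local_addr that lack the mirrored 'in' policy."""
    pols = parse_policies(conf)
    inbound = {(s, d, u) for s, d, u, direction, _ in pols if direction == "in"}
    return [(s, d, u) for s, d, u, direction, _ in pols
            if direction == "out" and s == local_addr
            and (d, s, u) not in inbound]

def misdirected(conf, local_addr):
    """Policies whose direction disagrees with which end is the local host."""
    return [(s, d, direction) for s, d, _, direction, _ in parse_policies(conf)
            if (direction == "out" and s != local_addr)
            or (direction == "in" and d != local_addr)]

if __name__ == "__main__":
    for name, conf in (("as posted", AS_POSTED), ("fixed", FIXED)):
        print(name, missing_inbound(conf, "192.168.1.1"),
              misdirected(conf, "192.168.1.1"))
```
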