Date:      Wed, 16 Apr 2003 07:36:21 -0500
From:      "Jacques A. Vidrine" <nectar@FreeBSD.org>
To:        "Crist J. Clark" <cjc@FreeBSD.org>
Cc:        freebsd-hackers@FreeBSD.org
Subject:   Re: Single IP host and IPsec tunnel mode experience
Message-ID:  <20030416123621.GC72501@madman.celabo.org>
In-Reply-To: <20030416052335.GA2519@blossom.cjclark.org>
References:  <20030410161511.GA25681@madman.celabo.org> <20030416052335.GA2519@blossom.cjclark.org>

On Tue, Apr 15, 2003 at 10:23:35PM -0700, Crist J. Clark wrote:
> 'uname -a'?

The endpoints were both 4.7.

> I can't reproduce this on a 4.8 to 4.7 tunnel. On
> 192.168.64.70,
> 
>   spdadd 192.168.64.70/32 10.0.0.0/24 any -P out
> 	ipsec esp/tunnel/192.168.64.70-192.168.64.20/require;
>   spdadd 10.0.0.0/24 192.168.64.70/32 any -P  in
> 	ipsec esp/tunnel/192.168.64.20-192.168.64.70/require;
> 
> And on 192.168.64.20, the gateway to 10.0.0.0/24,
> 
>   spdadd 192.168.64.70/32 10.0.0.0/24 any -P  in
> 	ipsec esp/tunnel/192.168.64.70-192.168.64.20/require;
>   spdadd 10.0.0.0/24 192.168.64.70/32 any -P out
> 	ipsec esp/tunnel/192.168.64.20-192.168.64.70/require;
> 
> Works fine.

Hmm, yes, that appears to be exactly what I'm trying to do.  Well,
that's heartening ... it means that there is likely some anomaly in my
environment that is hosing me.  Now if only I can figure what it is :-)
-- 
Jacques A. Vidrine <nectar@celabo.org>          http://www.celabo.org/
NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos
jvidrine@verio.net     .  nectar@FreeBSD.org  .          nectar@kth.se
