Date: Sun, 20 Apr 2003 11:55:38 -0500
From: "Jacques A. Vidrine" <nectar@FreeBSD.org>
To: "Crist J. Clark" <cjc@FreeBSD.org>, freebsd-hackers@FreeBSD.org
Subject: Re: Single IP host and IPsec tunnel mode experience
Message-ID: <20030420165538.GA31101@madman.celabo.org>
In-Reply-To: <20030416123621.GC72501@madman.celabo.org>
References: <20030410161511.GA25681@madman.celabo.org> <20030416052335.GA2519@blossom.cjclark.org> <20030416123621.GC72501@madman.celabo.org>

On Wed, Apr 16, 2003 at 07:36:21AM -0500, Jacques A. Vidrine wrote:
> On Tue, Apr 15, 2003 at 10:23:35PM -0700, Crist J. Clark wrote:
> > 'uname -a'?
>
> The endpoints were both 4.7.
>
> > I can't reproduce this on a 4.8 to 4.7 tunnel. On
> > 192.168.64.70,
> >
> >   spdadd 192.168.64.70/32 10.0.0.0/24 any -P out
> >     ipsec esp/tunnel/192.168.64.70-192.168.64.20/require;
> >   spdadd 10.0.0.0/24 192.168.64.70/32 any -P in
> >     ipsec esp/tunnel/192.168.64.20-192.168.64.70/require;
> >
> > And on 192.168.64.20, the gateway to 10.0.0.0/24,
> >
> >   spdadd 192.168.64.70/32 10.0.0.0/24 any -P in
> >     ipsec esp/tunnel/192.168.64.70-192.168.64.20/require;
> >   spdadd 10.0.0.0/24 192.168.64.70/32 any -P out
> >     ipsec esp/tunnel/192.168.64.20-192.168.64.70/require;
> >
> > Works fine.
>
> Hmm, yes, that appears to be exactly what I'm trying to do. Well,
> that's heartening ... it means that there is likely some anomaly in my
> environment that is hosing me. Now if only I can figure what it is :-)

Oddly enough ... ESP works, AH does not.

Cheers,
-- 
Jacques A. Vidrine <nectar@celabo.org> http://www.celabo.org/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se