Date:      Thu, 1 Jan 2015 23:46:41 +0000
From:      "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To:        Aristedes Maniatis <ari@ish.com.au>
Cc:        freebsd-stable <freebsd-stable@freebsd.org>
Subject:   Re: ipsec routing issue
Message-ID:  <8D8CA37C-B699-467A-A84B-85D05FE0E8B2@lists.zabbadoz.net>
In-Reply-To: <54A2367D.8030600@ish.com.au>
References:  <54A17F33.2020708@ish.com.au> <AE3247B4-5692-4143-B8D4-3E5783C6F2CF@lists.zabbadoz.net> <54A2367D.8030600@ish.com.au>


> On 30 Dec 2014, at 05:22 , Aristedes Maniatis <ari@ish.com.au> wrote:
>
> On 30/12/2014 4:23am, Bjoern A. Zeeb wrote:
>>
>>> On 29 Dec 2014, at 16:20 , Aristedes Maniatis <ari@ish.com.au> wrote:
>>>
>
>
>>> But how does the OS know where to send traffic to $remote_internal_address? Is that something racoon takes care of?
>>
>> No, there are no routes involved; your security policy deals with this.   setkey -DP is your friend.   You can have racoon inject the policy for you if you want, otherwise ipsec.conf is where it goes.
>

…
> Am I right in saying that I would not get this far if setkey wasn't already correct?
>
>
> But still I cannot ping the remote internal IP (203.29.62.129). I also notice that other addresses in the remote network except for the remote firewall itself are not sent through the tunnel. I guess I'll need to add a route for those after all.
>
> Are you able to suggest my next step in diagnosis. Everything seems to be working... other than traffic going into the tunnel and coming out the other side :-)


Hint:  not sure if you are testing from the gateway itself;  if you do, you might have to use a specific source address (internal) with ping/telnet/etc.

Otherwise, read man setkey on the difference of “use” vs. “require” vs. “unique” for the level in the policy part.


— 
Bjoern A. Zeeb                                  Charles Haddon Spurgeon:
"Friendship is one of the sweetest joys of life.  Many might have failed
 beneath the bitterness of their trial  had they not found a friend."
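As an added example, not part of the thread and not FreeBSD's or racoon's own code: the policy Bjoern points at, written out in setkey(8)/ipsec.conf syntax for a gateway-to-gateway ESP tunnel, with the “use” and “require” levels side by side and the source-address test from the hint above. Every address in it (198.51.100.1, 203.0.113.1, 192.168.1.0/24, 192.168.2.0/24 and the two inside hosts) is an assumed placeholder from the RFC 5737 documentation ranges, not one of the thread's networks.

```shell
#!/bin/sh
# Added example, not code from the thread or from FreeBSD itself.
# Gateway-to-gateway ESP tunnel policy in setkey(8)/ipsec.conf syntax,
# with the two diagnostics from the reply: "setkey -DP" and pinging from
# the gateway with an explicit internal source address.
# Every address below is an assumed placeholder (RFC 5737 ranges), not an
# address from the thread.

LOCAL_GW=198.51.100.1      # assumed: our gateway's outside address
REMOTE_GW=203.0.113.1      # assumed: peer gateway's outside address
LOCAL_NET=192.168.1.0/24   # assumed: our internal network
REMOTE_NET=192.168.2.0/24  # assumed: peer's internal network
LOCAL_INSIDE=192.168.1.1   # assumed: our gateway's inside address
REMOTE_INSIDE=192.168.2.1  # assumed: a host behind the peer

# Print the security policy for the given level ("use" or "require").
# No route is involved: the kernel matches src/dst against these selectors
# and encapsulates whatever matches.  Hosts behind the peer are reached
# only because REMOTE_NET covers them; a single-host selector for the peer
# gateway alone would carry traffic to that one address and nothing else.
#   use      protect if an SA exists, otherwise send in the clear
#   require  never send in the clear; drop until IKE has set up the SA
#   unique   like require, but the policy is bound to one specific SA
gen_policy() {
    level=$1
    case $level in
        use|require) ;;
        *) echo "gen_policy: level must be use or require" >&2; return 1 ;;
    esac
    cat <<EOF
spdflush;
spdadd $LOCAL_NET $REMOTE_NET any -P out ipsec esp/tunnel/$LOCAL_GW-$REMOTE_GW/$level;
spdadd $REMOTE_NET $LOCAL_NET any -P in ipsec esp/tunnel/$REMOTE_GW-$LOCAL_GW/$level;
EOF
}

# Load the policy into the kernel and dump the resulting SPD.
# Falls back to printing the policy where setkey(8) is not available.
load_policy() {
    if command -v setkey >/dev/null 2>&1; then
        gen_policy "$1" | setkey -c && setkey -DP
    else
        echo "setkey(8) not found; policy that would be loaded:" >&2
        gen_policy "$1" >&2
    fi
}

# Test command for use ON the gateway itself.  Without -S, ping sources the
# packet from the outside address, which does not match the LOCAL_NET
# selector, so the packet bypasses the policy and never enters the tunnel.
gateway_ping_cmd() {
    echo "ping -S $LOCAL_INSIDE -c 3 $REMOTE_INSIDE"
}

# Weak setting vs. corrected setting: with "use", a missing SA makes the
# kernel send the packet unprotected along the default route, so the
# gateway appears to work while the traffic left in the clear.  With
# "require" the same situation fails closed and shows up as a drop.
#   load_policy require
#   $(gateway_ping_cmd)
```

Run `load_policy require` as root on the gateway and then the command that `gateway_ping_cmd` prints. `setkey -DP` shows the policies as the kernel holds them; `setkey -D` shows whether racoon has actually negotiated the matching SAs, which is the other half of the picture that the policy dump alone does not tell you.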



