Date:      Wed, 23 Apr 2003 12:16:34 +0200 (CEST)
From:      Ludo Koren <lk@tempest.sk>
To:        freebsd-current@freebsd.org
Subject:   IPsec on FreeBSD 5.0-RELEASE-p7
Message-ID:  <200304231016.h3NAGYmq002991@lk.tempest.sk>



After upgrading to FreeBSD 5.0-RELEASE-p7 (COMPAQ) #0: Sun Apr 20
21:50:49 CEST 2003, IPsec stopped working.

I have the following options in the kernel configuration:

options         IPSEC                   #IP security
options         IPSEC_ESP               #IP security (crypto; define w/ IPSEC)
options         IPSEC_DEBUG             #debug for IP security

and the IPsec configuration was working with FreeBSD 4.6:

#! /bin/sh

/sbin/ifconfig gif0 create tunnel 195.28.126.7 195.91.63.194
/usr/sbin/gifconfig gif0 inet 195.28.126.7 195.91.63.194
/sbin/ifconfig gif0 inet x.x.x.x netmask 255.255.255.255 y.y.y.0 netmask 255.255.255.0 up

/usr/sbin/setkey -FP
/usr/sbin/setkey -F
/usr/sbin/setkey -c << EOF

spdadd x.x.x.x/32 y.y.y.0/24 any -P out ipsec esp/tunnel/195.28.126.7-195.91.63.194/require;
spdadd y.y.y.0/24 x.x.x.x/32 any -P in ipsec esp/tunnel/195.91.63.194-195.28.126.7/require;

EOF

/sbin/route add -net y.y.y.0 x.x.x.x 255.255.255.0 -iface
/usr/local/sbin/racoon


I can see via tcpdump on fxp0 that ESP packets are going to the
destination and back. But unfortunately, ping doesn't get the
response. It seems packets do not come back through the gif0 interface,
though tcpdump on the fxp0 interface gets them.

Any hint is appreciated.

Thanks,

ludo
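
Added example, not part of the original message: a small Python check that the outbound and inbound `spdadd` entries fed to `setkey -c` are exact mirrors of each other (selectors and tunnel endpoints swapped). The function names are hypothetical, the regex covers only the `spdadd ... -P in|out ipsec proto/mode/src-dst/level;` form used above, and the second input is a constructed variant.

```python
import re

# spdadd SRC DST UPPER -P DIR ipsec PROTO/MODE/TUNSRC-TUNDST/LEVEL;
# (transport mode leaves the endpoint pair empty: esp/transport//require)
SPDADD = re.compile(
    r"^\s*spdadd\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<upper>\S+)\s+"
    r"-P\s+(?P<dir>in|out)\s+ipsec\s+"
    r"(?P<proto>esp|ah|ipcomp)/(?P<mode>tunnel|transport)/"
    r"(?P<tsrc>[^-/\s]*)-?(?P<tdst>[^/\s]*)/(?P<level>\w+)\s*;",
    re.MULTILINE,
)

def parse_policies(text):
    """Return one dict per 'spdadd ... ipsec' line found in setkey input."""
    return [m.groupdict() for m in SPDADD.finditer(text)]

def mirror(p):
    """The policy expected for the opposite direction of p."""
    return dict(p, src=p["dst"], dst=p["src"], tsrc=p["tdst"], tdst=p["tsrc"],
                dir="in" if p["dir"] == "out" else "out")

def unmatched(policies):
    """Policies whose reverse-direction counterpart is absent."""
    return [p for p in policies if mirror(p) not in policies]

# The two policies from the message (addresses masked as posted).
POSTED = """
spdadd x.x.x.x/32 y.y.y.0/24 any -P out ipsec esp/tunnel/195.28.126.7-195.91.63.194/require;
spdadd y.y.y.0/24 x.x.x.x/32 any -P in ipsec esp/tunnel/195.91.63.194-195.28.126.7/require;
"""

# Constructed variant: inbound tunnel endpoints left in outbound order.
CONSTRUCTED_BAD = POSTED.replace(
    "in ipsec esp/tunnel/195.91.63.194-195.28.126.7",
    "in ipsec esp/tunnel/195.28.126.7-195.91.63.194",
)

if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("constructed", CONSTRUCTED_BAD)):
        bad = unmatched(parse_policies(text))
        print(name, "ok" if not bad else "unpaired:")
        for p in bad:
            print("  -P {dir} {src} -> {dst} via {tsrc}-{tdst}".format(**p))
```

The posted pair passes this check, so it only rules out a mismatched policy pair; it says nothing about the SAs negotiated by racoon or about how the kernel hands decapsulated packets to gif0.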


