Date: Sun, 5 May 2019 03:18:22 +1000
From: Scott Aitken <freebsd-lists-5@thismonkey.com>
To: freebsd-stable@freebsd.org
Subject: Re: route based ipsec
Message-ID: <20190504171822.GA27671@thismonkey.com>
In-Reply-To: <mailman.11.1556971200.11143.freebsd-stable@freebsd.org>
References: <mailman.11.1556971200.11143.freebsd-stable@freebsd.org>

> On 5/2/2019 4:16 PM, KOT MATPOCKuH wrote:
> > 0.The ipsec-tools port currently does not have a maintainer (C) portmaster
> > ... Does this solution really supported? Or I should switch to use
> > another IKE daemon?

I've just started using IPSEC between a 12.0-RELEASE box, a 11.2-RELEASE-p9 box and a Cisco IOS router. I haven't seen any core dumps or crashes.

I run routing between these devices (using RIPv2 rather than OSPF) - in order to do this you need to create tunnels between the devices because encrypting routing protocols and things that use multicast is tricky.

I felt that the handbook example was lacking - it should have been encrypting the tunnel endpoints and NOT the LAN traffic on either side of the tunnel.

Anyway I built IPENCAP (aka IPinIP) tunnels using gif interfaces and configured racoon/ipsec-tools to build the SA/SADs using the tunnel endpoints and IP protocol 4 (IPENCAP).

Step 1 was to confirm I could PING over the gif tunnel without crypto. Then I fired up racoon (setkey to create the SA and racoon for IPSEC).

If you want the configs let me know.

Scott
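The approach described in the message (protect the gif tunnel's outer IPENCAP packets between the two endpoints, not the LAN prefixes behind them) could look like the following setkey policy file. This is an added example, not the poster's configuration: the addresses are documentation placeholders, and the use of ESP transport mode and the /etc/ipsec.conf path are assumptions.

```conf
# /etc/ipsec.conf on host A, loaded with: setkey -f /etc/ipsec.conf
# Constructed example; all addresses are placeholders (assumptions):
#   192.0.2.1    = host A outer (public) address
#   203.0.113.1  = host B outer (public) address
#
# The gif tunnel is brought up and tested in clear text first, e.g.:
#   ifconfig gif0 create
#   ifconfig gif0 tunnel 192.0.2.1 203.0.113.1
#   ifconfig gif0 inet 10.255.0.1 10.255.0.2 netmask 255.255.255.252
#   ping 10.255.0.2

# Start from an empty SAD and SPD so stale entries cannot match.
flush;
spdflush;

# Match only IP protocol 4 (IPENCAP) between the two tunnel endpoints.
# Routing updates and multicast travel inside gif0, so they are covered
# without any per-prefix policy for the LANs on either side.
# Transport mode is assumed here because gif already supplies the outer
# IP header; "require" drops the packet when no SA exists instead of
# letting it fall back to clear text.
spdadd 192.0.2.1/32 203.0.113.1/32 4 -P out ipsec esp/transport//require;
spdadd 203.0.113.1/32 192.0.2.1/32 4 -P in  ipsec esp/transport//require;

# Host B uses the mirror image: swap the two addresses in both lines.
# No static "add ... esp ..." SA entries are listed; the IKE daemon
# (racoon in the message above) negotiates the SAs that satisfy these
# policies.
```

After loading, `setkey -DP` lists the installed policies and `setkey -D` shows the negotiated SAs once traffic has crossed the tunnel.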