Re: FreeBSD (Racoon) / Draytek Setup
From: Helge Oldach (helge.oldach_at_atosorigin.com)
Date: 02/26/04
- Previous message: Max Laier: "HEADS UP: pf import"
- In reply to: Steve Greenshaw: "FreeBSD (Racoon) / Draytek Setup"
- Next in thread: Steve Greenshaw: "Re: FreeBSD (Racoon) / Draytek Setup"
- Reply: Steve Greenshaw: "Re: FreeBSD (Racoon) / Draytek Setup"
To: steve@softgreen.co.uk (Steve Greenshaw)
Date: Thu, 26 Feb 2004 08:40:21 +0100 (MET)
Steve Greenshaw:
>################
>spdadd 192.168.32.0/24 192.168.1.0/24 ipencap -P out ipsec
>esp/tunnel/AAA.AAA.AAA.AAA-BBB.BBB.BBB.BBB/require;
>spdadd 192.168.1.0/24 192.168.32.0/24 ipencap -P in ipsec
>esp/tunnel/BBB.BBB.BBB.BBB-AAA.AAA.AAA.AAA/require;
>################
Try using "any" instead of "ipencap". (AFAIK gif(4) implements "ipip"
encapsulation ((protocol 94)) and not "ipip" ((protocol 4)). But this
is just meaningless here as the gif interface just acts as a routing
placeholder and doesn't actually transport traffic.)

The other thing you might want to try is using "unique" instead of
"require". This is necessary for ESP tunnel mode against Cisco boxes,
and probably will catch your case as well.

Maybe someone can explain the difference between these two? The manpage
isn't really verbose...

Regards,
Helge
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
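
The two suggestions from the reply above, applied to the quoted policy as a setkey(8) configuration fragment. This is an added example, not part of the original message; the comments paraphrase setkey(8), and AAA.AAA.AAA.AAA / BBB.BBB.BBB.BBB are still the thread's placeholders for the two tunnel endpoints.

```conf
# Upper-layer spec "any" matches every protocol between the two subnets,
# not only IP protocol 4 ("ipencap" in /etc/protocols).
#
# Level "unique" is the same as "require" (an SA must exist before a
# matching packet is sent) and additionally binds the policy to its own
# outbound SA, which racoon(8) sets up for that policy.

spdadd 192.168.32.0/24 192.168.1.0/24 any -P out ipsec
    esp/tunnel/AAA.AAA.AAA.AAA-BBB.BBB.BBB.BBB/unique;

spdadd 192.168.1.0/24 192.168.32.0/24 any -P in ipsec
    esp/tunnel/BBB.BBB.BBB.BBB-AAA.AAA.AAA.AAA/unique;
```

After loading the file with `setkey -f`, `setkey -DP` lists the installed policies so the protocol and level can be checked against what was intended.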