Re: IPSec troubles
From: Crist J. Clark (cristjc_at_comcast.net)
Date: 03/29/04
- Previous message: Julian Elischer: "Re: Disabling VLAN_HWTAGGING"
- In reply to: Cyrill Rüttimann: "IPSec troubles"
- Next in thread: Bjoern A. Zeeb: "Re: IPSec troubles"
- Reply: Bjoern A. Zeeb: "Re: IPSec troubles"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Mon, 29 Mar 2004 13:40:58 -0800 To: Cyrill R?ttimann <ruettimac@mac.com>
On Mon, Mar 29, 2004 at 12:06:21AM +0200, Cyrill R?ttimann wrote:
> Hello,
>
> I have troubles setting up an IPSec Host-to-Host connection between
> FreeBSD 5.2.1 and MacOS X 10.3.3:
Last I knew, 5.2.1 still had broken IPsec. Specifically, the system
tries to apply the IPsec policy to the IKE traffic giving us a chicken
and egg problem. The Mac end timing out waiting to hear from the
FreeBSD system is consistent with this. Run 'tcpdump -n port 500' on
the FreeBSD system and watch for outgoing traffic, and have a look at
'netstat -sp ipsec' and see if the 'outbound packets with no SA
available' count is increasing.
The workaround was to not use IPSEC in the kernel, but FAST_IPSEC.
--
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
- Previous message: Julian Elischer: "Re: Disabling VLAN_HWTAGGING"
- In reply to: Cyrill Rüttimann: "IPSec troubles"
- Next in thread: Bjoern A. Zeeb: "Re: IPSec troubles"
- Reply: Bjoern A. Zeeb: "Re: IPSec troubles"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
