Strange problem with IPSEC, not entirely transparent.

From: Baldur Gislason (baldur_at_foo.is)
Date: 11/22/05

    Date: Tue, 22 Nov 2005 21:52:53 +0000
    To: freebsd-net@freebsd.org
    
    

    I recently set up IPSEC communications between two hosts I have in different places.
    One is FreeBSD 5.4-STABLE (August 22, 2005). The other is 4.11-STABLE (April 18, 2005).
    I run a gif tunnel between them, and routes for networks found on both sides are negotiated
    by quagga using OSPF.
    The internet IPs of the hosts are not listed as networks in ospfd.conf because that would
    break the tunnel.

    Now, here's the problem. When I have spmd and iked running on both ends, and everything between
    the hosts goes by IPSEC, comms over the tunnel work fine, but I cannot connect to any TCP ports
    on the 5.4 machine from the 4.10 machine.
    I can connect from the 5.4 machine to the 4.10 machine, though.
    Both machines can ping each other, no problems there. And all comms that go through the gif0 tunnel
    work.

    I tried flushing ipfw on both ends, no luck.
    Any ideas?

    Baldur

    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
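The setup described above (transport-mode ESP between the two public addresses, with a gif tunnel carried inside it) depends on each host holding a matching pair of policies, one per direction. The following is an added example, not the poster's configuration: it emits the setkey(8) policy pair and the gif(4) commands for both ends from a single description, so the two hosts cannot end up with one direction missing. The addresses 192.0.2.1, 198.51.100.1 and the 10.255.255.x tunnel addresses are assumed placeholders. With racoon2 (spmd/iked) the policy normally comes from racoon2.conf rather than a setkey script; the setkey form is used here only because it is the shortest way to show what the kernel must end up with.

```shell
#!/bin/sh
# Added example: SPD and gif configuration for two hosts that run all
# traffic between their public addresses through transport-mode ESP.
# All addresses below are assumed placeholders, not the poster's.
HOST_A=192.0.2.1
HOST_B=198.51.100.1
GIF_A=10.255.255.1
GIF_B=10.255.255.2

# Print the two SPD entries one host must install: an 'out' policy toward
# the peer and an 'in' policy from it. Level 'require' means traffic
# between the two public addresses that is not ESP-protected is dropped,
# not passed in the clear. Because the selector is 'any', the gif
# encapsulation (IP proto 4) between the same addresses is covered too.
spd_for() {
    me=$1; peer=$2
    printf 'spdadd %s %s any -P out ipsec esp/transport//require;\n' "$me" "$peer"
    printf 'spdadd %s %s any -P in ipsec esp/transport//require;\n' "$peer" "$me"
}

# Both ends generated from the same function with the arguments swapped,
# so the policies are guaranteed to mirror each other.
setkey_conf_for_a() { spd_for "$HOST_A" "$HOST_B"; }
setkey_conf_for_b() { spd_for "$HOST_B" "$HOST_A"; }

# gif(4) tunnel riding on top of the protected path. The outer addresses
# are the public ones (so the tunnel packets hit the SPD above); the inner
# addresses are what quagga/ospfd should be told about, never the outer ones.
gif_for() {
    me=$1; peer=$2; inner_me=$3; inner_peer=$4
    printf 'ifconfig gif0 create\n'
    printf 'ifconfig gif0 tunnel %s %s\n' "$me" "$peer"
    printf 'ifconfig gif0 inet %s %s netmask 255.255.255.255\n' "$inner_me" "$inner_peer"
}
gif_for_a() { gif_for "$HOST_A" "$HOST_B" "$GIF_A" "$GIF_B"; }
gif_for_b() { gif_for "$HOST_B" "$HOST_A" "$GIF_B" "$GIF_A"; }

# Sanity check on a generated policy block: exactly one 'in' and one 'out'
# entry must be present. Use it on the output of 'setkey -DP' as well, once
# the policies are loaded, to confirm the kernel really holds both directions.
count_dirs() {
    printf '%s\n' "$1" | grep -c -E -- '-P (in|out) ipsec'
}
```

On host A, `setkey_conf_for_a | setkey -c` loads the policies and `setkey -DP` shows what the kernel actually holds; host B uses the `_b` variants. Whatever installs the policies, the check worth doing when only one direction of TCP fails is that both the `in` and the `out` entry exist on both hosts and that `setkey -D` shows a mature SA for each direction.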

