18 messages in org.freebsd.freebsd-securityRe: Can't set up an IPsec tunnel.| From | Sent On | Attachments |
|---|---|---|
| dr3node | Jan 24, 2002 7:47 am | |
| Lawrence Sica | Jan 24, 2002 9:59 am | |
| dr3node | Jan 24, 2002 10:43 am | |
| Eric Anderson | Jan 24, 2002 10:54 am | |
| dr3node | Jan 24, 2002 10:56 am | |
| Eric Anderson | Jan 24, 2002 11:05 am | |
| Lawrence Sica | Jan 24, 2002 11:05 am | |
| Eric Anderson | Jan 24, 2002 11:06 am | |
| Lawrence Sica | Jan 24, 2002 11:22 am | |
| Kerin Millar | Jan 24, 2002 11:26 am | |
| Eric Anderson | Jan 24, 2002 11:29 am | |
| Thomas T. Veldhouse | Jan 24, 2002 11:43 am | |
| Nate Williams | Jan 24, 2002 12:01 pm | |
| Nate Williams | Jan 24, 2002 12:06 pm | |
| Eric Anderson | Jan 24, 2002 12:11 pm | |
| Nate Williams | Jan 24, 2002 12:14 pm | |
| Peter Chiu | Jan 24, 2002 1:26 pm | |
| Vadim E. Martysh | Jan 24, 2002 2:11 pm |
| Subject: | Re: Can't set up an IPsec tunnel. | |
|---|---|---|
| From: | Eric Anderson (ande...@centtech.com) | |
| Date: | Jan 24, 2002 10:54:46 am | |
| List: | org.freebsd.freebsd-security | |
IPSEC won't work through masquarading boxes or NAT firewalls.
Eric
dr3node wrote:
i've read everything i could find. that is the latest try: Remote host:
ifconfig gif0 create tunnel 222.222.22.2 111.111.11.1 ifconfig gif0 inet 222.222.22.2 192.168.0.1 netmask 0xffffff00 setkey -FP setkey -F ipsec.conf: // spdadd 0.0.0.0/0 192.168.0.0/24 any -P out ipsec esp/tunnel/222.222.22.2-111.111.11.1/require; spdadd 192.168.0.0/24 0.0.0.0/0 any -P in ipsec esp/tunnel/111.111.11.1-222.222.22.2/require; // + racoon with the keys in /usr/local/etc/racoon/psk.txt setkey -f /etc/ipsec.conf
Local gateway:
ifconfig fxp0 111.111.11.1 netmask 0xffffffff alias ifconfig gif0 create tunnel 111.111.11.1 222.222.22.2 ifconfig gif0 inet 192.168.0.1 222.222.22.2 netmask 0xffffff00 setkey -FP setkey -F
ipsec.conf: // spdadd 192.168.0.0/24 0.0.0.0/0 any -P out ipsec esp/tunnel/111.111.11.1-222.222.22.2/require; spdadd 0.0.0.0/0 192.168.0.0/24 any -P in ipsec esp/tunnel/222.222.22.2-111.111.11.1/require; //
+ racoon with the keys in /usr/local/etc/racoon/psk.txt setkey -f /etc/ipsec.conf and the connection on the gate drops down. the error is: /kernel: gif_output: recursively called too many times(2)
i'm wondering what if any troubles because of that RedHat gate with the masquarade or because of my stupidy.
To Unsubscribe: send mail to majo...@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
--
------------------------------------------------------------------ Eric Anderson ande...@centtech.com Centaur Technology If at first you don't succeed, sky diving is probably not for you.
------------------------------------------------------------------
To Unsubscribe: send mail to majo...@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message