On 5 Feb 2001, at 17:34, Volker Stolz wrote:
> In local.freebsd-hackers, you wrote:
> >spdadd 192.168.1.1 192.168.1.101 any -P out ipsec esp/transport//use ah/transport//use;
> >spdadd 192.168.1.101 192.168.1.1 any -P out ipsec esp/transport//use ah/transport//use;
>
> I can see no corresponding "... any -P in" rules. Did you forget them only
> in the posting? If not, this is likely to be a source of confusion.

Thanks. That was the problem.

I've been able to get most things working. However, when I involve NAT
some things break. I'm not using AH, just ESP. I can get ESP working
without NAT and have http, ping, going. No problems. But if I try from
an external box, involving NAT, ping works, but not http. Not sure why.
A tcpdump shows the incoming ESP requests, but nothing going back
out. I'm positive I have the keys correct as ping works and tcpdump
shows incoming ping request and outgoing ping replies.

Quite odd.

--
Dan Langille
pgpkey - finger [EMAIL PROTECTED] | http://unixathome.org/finger.php
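
Added example, not part of the original message or of any FreeBSD tool: a small Python check for the mistake identified in this thread, which flags `spdadd` policies that have no mirrored policy in the opposite direction. The function names and the `PAIRED` sample are assumptions made for illustration, and only the simple `spdadd src dst upperspec -P direction action ...;` form is parsed.

```python
import re

# Constructed input: the two policies quoted in the thread, both marked "-P out".
QUOTED = """\
spdadd 192.168.1.1 192.168.1.101 any -P out ipsec esp/transport//use ah/transport//use;
spdadd 192.168.1.101 192.168.1.1 any -P out ipsec esp/transport//use ah/transport//use;
"""

# Constructed input (assumption): the same pair as host 192.168.1.1 might load it,
# with the return direction declared as an inbound policy.
PAIRED = """\
# policies on 192.168.1.1
spdadd 192.168.1.1 192.168.1.101 any -P out ipsec esp/transport//use ah/transport//use;
spdadd 192.168.1.101 192.168.1.1 any
    -P in ipsec esp/transport//use ah/transport//use;
"""

# Simple form only: spdadd src dst upperspec -P direction action [requests] ;
SPDADD = re.compile(
    r"\bspdadd\s+(\S+)\s+(\S+)\s+(\S+)\s+-P\s+(in|out)\s+(discard|none|ipsec)\b([^;]*);"
)

def parse_policies(text):
    """Return (direction, src, dst, upperspec) for each spdadd statement."""
    text = re.sub(r"#[^\n]*", "", text)  # drop comments before matching
    return [(m[4], m[1], m[2], m[3]) for m in SPDADD.finditer(text)]

def unpaired_policies(text):
    """List policies that have no mirrored policy in the opposite direction."""
    policies = parse_policies(text)
    seen = set(policies)
    missing = []
    for direction, src, dst, upper in policies:
        # The mirror swaps the direction and the source/destination selectors.
        mirror = ("in" if direction == "out" else "out", dst, src, upper)
        if mirror not in seen:
            missing.append((direction, src, dst, upper))
    return missing

if __name__ == "__main__":
    for label, conf in (("quoted", QUOTED), ("paired", PAIRED)):
        for direction, src, dst, upper in unpaired_policies(conf):
            print(f"{label}: -P {direction} {src} -> {dst} ({upper}) has no mirrored policy")
```

Selectors are compared as literal strings, so a mirrored pair written with different notations for the same address is reported as unpaired.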