Erik Norvelle wrote:

> --- Begin included file ---
> flush;
> spdflush;
>
> # Note that the add rules are the same as on Node B!
> spdadd 10.20.0.0/24 192.168.1.0/24 any -P in ipsec esp/tunnel/xxx.yyy.40.122-xxx.yyy.40.135/require;
> spdadd 192.168.1.0/24 10.20.0.0/24 any -P out ipsec esp/tunnel/xxx.yyy.40.135-xxx.yyy.40.122/require;
>
> --- End included file ---

You are adding SPD entries but not SAD entries. See setkey(8). Oh wait, you're using IKE, which should negotiate the SAD entries.

> For the test situation, I have set up my ipfilter to allow
> everything to pass, both in and out, on both the internal and
> external interfaces. Also, I have turned off IPNAT completely.

Good, this should simplify things.

> However, tunnel mode between the two internal networks does not
> produce any IPSEC packets or key exchange traffic at all.

I'm not sure I understand what you mean here. You are trying to set up tunnel mode between the two gateways, right? (And what goes inside the tunnel are packets between the two end networks.)

All in all, it looks like your problem might be IKE-related, maybe a config problem with racoon? I've never used it myself, but you could try asking on [EMAIL PROTECTED]

Lars

--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
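A small consistency check for the SPD side of a gateway-to-gateway tunnel like the one discussed above, added here as an example and not code from the thread: for tunnel mode between two gateways, each `spdadd` on one gateway must appear on the peer with the same selectors and tunnel endpoints but with `in`/`out` flipped. The first rule set is the one quoted in the mail (with its `xxx.yyy` placeholders kept); the peer's rule set, the `SpdRule` type and the helper names are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Rules quoted in the mail: this gateway sits at xxx.yyy.40.135 in front of 192.168.1.0/24.
NODE_A_SPD = """
spdadd 10.20.0.0/24 192.168.1.0/24 any -P in ipsec esp/tunnel/xxx.yyy.40.122-xxx.yyy.40.135/require;
spdadd 192.168.1.0/24 10.20.0.0/24 any -P out ipsec esp/tunnel/xxx.yyy.40.135-xxx.yyy.40.122/require;
"""

# Constructed: what the peer gateway at xxx.yyy.40.122 needs, i.e. the same
# selectors and tunnel endpoints with the directions swapped.
NODE_B_SPD = """
spdadd 10.20.0.0/24 192.168.1.0/24 any -P out ipsec esp/tunnel/xxx.yyy.40.122-xxx.yyy.40.135/require;
spdadd 192.168.1.0/24 10.20.0.0/24 any -P in ipsec esp/tunnel/xxx.yyy.40.135-xxx.yyy.40.122/require;
"""

# Matches the tunnel-mode spdadd syntax used in the mail (setkey(8) style).
SPD_RE = re.compile(
    r"spdadd\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<proto>\S+)\s+-P\s+(?P<dir>in|out)\s+"
    r"ipsec\s+(?P<prot>esp|ah)/tunnel/(?P<tsrc>[^-]+)-(?P<tdst>[^/]+)/(?P<level>\w+)\s*;"
)


@dataclass(frozen=True)
class SpdRule:
    src: str
    dst: str
    proto: str
    direction: str
    tsrc: str
    tdst: str


def parse_spd(text):
    """Parse tunnel-mode spdadd lines into SpdRule objects; other lines are ignored."""
    rules = []
    for line in text.splitlines():
        m = SPD_RE.search(line)
        if m:
            rules.append(SpdRule(m["src"], m["dst"], m["proto"], m["dir"], m["tsrc"], m["tdst"]))
    return rules


def mirror_gaps(local, peer):
    """Return the rules in `local` that the peer does not mirror.

    A mirror keeps selectors and tunnel endpoints and flips in/out."""
    peer_set = set(peer)
    return [r for r in local
            if SpdRule(r.src, r.dst, r.proto, "out" if r.direction == "in" else "in",
                       r.tsrc, r.tdst) not in peer_set]
```

Comparing a gateway's SPD with itself (the case where both nodes carry literally the same rules) reports every rule as unmirrored, which is the expected result for that configuration.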