On Mon, Mar 29, 2004 at 12:06:21AM +0200, Cyrill R?ttimann wrote:
> Hello,
>
> I have troubles setting up an IPSec Host-to-Host connection between
> FreeBSD 5.2.1 and MacOS X 10.3.3:
Last I knew, 5.2.1 still had broken IPsec. Specifically, the system
tries to apply the IPsec policy to the IKE traffic giving us a chicken
and egg problem. The Mac end timing out waiting to hear from the
FreeBSD system is consistent with this. Run 'tcpdump -n port 500' on
the FreeBSD system and watch for outgoing traffic, and have a look at
'netstat -sp ipsec' and see if the 'outbound packets with no SA
available' count is increasing.
The workaround was to not use IPSEC in the kernel, but FAST_IPSEC.
--
Crist J. Clark | [EMAIL PROTECTED]
| [EMAIL PROTECTED]
http://people.freebsd.org/~cjc/ | [EMAIL PROTECTED]
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
