And another observation, sorry for flooding the list like this. The 4.11 box is compiled with IPSEC_DEBUG but the 5.4 box isn't.
Baldur

On Tue, Nov 22, 2005 at 09:57:24PM +0000, Baldur Gislason wrote:
> Adding:
> If I kill spmd on the 5.4 box, then all works fine but the comms are only
> encrypted in one direction.
>
> Baldur
>
> On Tue, Nov 22, 2005 at 09:52:53PM +0000, Baldur Gislason wrote:
> > I recently set up IPSEC communications between two hosts I have in
> > different places.
> > One is FreeBSD 5.4-STABLE August 22. 2005. The other is 4.11-STABLE April
> > 18th 2005.
> > I run a gif tunnel between them and routes for networks found on both sides
> > are negotiated
> > by quagga using ospf.
> > the internet ips of the hosts are not listed as networks in ospfd.conf
> > because that would
> > break the tunnel.
> >
> > Now, here's the problem. When I have spmd and iked running on both ends,
> > and everything between
> > the hosts goes by IPSEC, comms over the tunnel work fine but I cannot
> > connect to any TCP ports
> > on the 5.4 machine from the 4.10 machine.
> > I can connect from the 5.4 machine to the 4.10 machine though.
> > Both machines can ping each other, no problems there. And all comms that go
> > through the gif0 tunnel
> > work.
> >
> > I tried flushing ipfw on both ends, no luck.
> > Any ideas?
> >
> > Baldur
> >
> > _______________________________________________
> > freebsd-net@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-net
> > To unsubscribe, send any mail to "[EMAIL PROTECTED]"