At Tue, 22 Nov 2005 21:52:53 +0000,
Baldur Gislason <[EMAIL PROTECTED]> wrote:
> 
> Now, here's the problem. When I have spmd and iked running on both ends, and
> everything between the hosts goes by IPSEC, comms over the tunnel work fine
> but I cannot connect to any TCP ports on the 5.4 machine from the 4.10 machine.
> I can connect from the 5.4 machine to the 4.10 machine though.
> Both machines can ping each other, no problems there. And all comms that go
> through the gif0 tunnel work.

You mean that TCP outside the gif tunnel doesn't work only in one
direction?  If you set IPsec keys (and policies) manually, does it
work?


If manual keying works, then...

You mentioned spmd and iked, so I suspect you are using
racoon2 (!= racoon), right?
If so, please send racoon2.conf, SPD and SAD (output of "setkey -DP"
and "setkey -D"), iked's log, and other config if relevant (all on
both ends).  If they are too big, you can send them to me off-list.

# OTOH, If it is racoon you actually wanted to use, it's now contained
# in security/ipsec-tools ports.

At Tue, 22 Nov 2005 21:57:24 +0000,
Baldur Gislason <[EMAIL PROTECTED]> wrote:
> 
> Adding:
> If I kill spmd on the 5.4 box, then all works fine but the comms are only
> encrypted in one direction.

Killing spmd causes removal of SPD entries generated by racoon2.

-- 
KAMADA Ken'ichi <[EMAIL PROTECTED]> @racoon2 project
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
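The reply asks for the SPD ("setkey -DP") from both ends, and the second quoted message describes traffic that is protected in one direction only, which is exactly the kind of asymmetry an SPD dump reveals. The script below is an added example, not code from the thread or from the racoon2 project: it parses the KAME/FreeBSD `setkey -DP` dump format as documented in setkey(8) (a header line `src[port] dst[port] proto` followed by tab-indented detail lines; this layout is an assumption on my part) and reports every `ipsec` policy that has no reverse-direction counterpart. The SPD dump embedded in it is constructed for the example and uses documentation addresses, not values from the thread.

```python
"""Find one-directional IPsec policies in a setkey -DP dump (added example).

The parser assumes the KAME/FreeBSD SPD dump layout: one unindented header
line per policy ("src[port] dst[port] proto"), followed by tab-indented
detail lines ("in ipsec", "esp/tunnel/A-B/require", "spid=...", "refcnt=...").
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Header line: "<src>[<port>] <dst>[<port>] <upper-layer proto>"
HEADER_RE = re.compile(r"^(\S+)\[(\S+)\]\s+(\S+)\[(\S+)\]\s+(\S+)$")

# Constructed sample: a transport-mode pair plus a tunnel-mode "out" policy
# whose matching "in" policy is missing (the one-direction symptom).
SAMPLE_SPD = """\
192.0.2.10[any] 192.0.2.20[any] any
\tout ipsec
\tesp/transport//require
\tspid=1 seq=2 pid=1001
\trefcnt=1
192.0.2.20[any] 192.0.2.10[any] any
\tin ipsec
\tesp/transport//require
\tspid=2 seq=1 pid=1001
\trefcnt=1
10.1.0.0/24[any] 10.2.0.0/24[any] any
\tout ipsec
\tesp/tunnel/192.0.2.10-192.0.2.20/require
\tspid=3 seq=0 pid=1001
\trefcnt=1
"""


@dataclass
class Policy:
    src: str                  # source address or prefix
    dst: str                  # destination address or prefix
    proto: str                # upper-layer protocol ("any", "tcp", ...)
    direction: str = ""       # "in", "out" or "fwd"
    action: str = ""          # "ipsec", "discard" or "none"
    rules: List[str] = field(default_factory=list)  # e.g. "esp/tunnel/A-B/require"


def parse_spd(text: str) -> List[Policy]:
    """Parse a setkey -DP dump into Policy records."""
    policies: List[Policy] = []
    cur: Optional[Policy] = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():
            # Unindented line: start of a new policy.
            m = HEADER_RE.match(raw.strip())
            if m is None:
                raise ValueError(f"unrecognised SPD header line: {raw!r}")
            cur = Policy(src=m.group(1), dst=m.group(3), proto=m.group(5))
            policies.append(cur)
            continue
        if cur is None:
            raise ValueError("detail line before any policy header")
        line = raw.strip()
        parts = line.split()
        if parts[0] in ("in", "out", "fwd") and len(parts) >= 2:
            cur.direction, cur.action = parts[0], parts[1]
        elif line.startswith(("spid=", "refcnt=")):
            continue  # kernel bookkeeping, not part of the policy itself
        else:
            cur.rules.append(line)  # protocol/mode/endpoints/level rule
    return policies


def find_unpaired(policies: List[Policy]) -> List[Tuple[str, str, str, str]]:
    """Return (missing_direction, src, dst, proto) for each 'ipsec' policy
    whose reverse-direction counterpart is absent from the SPD."""
    present = {(p.direction, p.src, p.dst, p.proto)
               for p in policies if p.action == "ipsec"}
    missing = []
    for p in policies:
        if p.action != "ipsec" or p.direction not in ("in", "out"):
            continue
        want = ("in" if p.direction == "out" else "out", p.dst, p.src, p.proto)
        if want not in present:
            missing.append(want)
    return missing


if __name__ == "__main__":
    for d, src, dst, proto in find_unpaired(parse_spd(SAMPLE_SPD)):
        print(f"no '{d}' ipsec policy for {src} -> {dst} ({proto})")
```

On a live system the dump would come from `setkey -DP` on each host rather than the embedded sample; running the check on both ends side by side shows whether a missing policy (for instance after spmd has withdrawn the entries it installed) explains traffic that is protected in only one direction.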