Yeah the whole GIF interface thing seemed weird to me too. I'm in much the same situation I'm connecting to a Watchguard device, similar to the router I guess you are hooking to.
I did get it to start trying to send, using the ping command. Never thought I had to kick start the data going to it to get it to connect, but I guess I do. So now I have another problem 2012-07-07 00:16:02: INFO: initiate new phase 1 negotiation: 192.186.0.33[500]<=>my.rou. ter.ip[500] 2012-07-07 00:16:02: INFO: begin Identity Protection mode. 2012-07-07 00:16:02: DEBUG: new cookie: dad1f78e51bb5b7e 2012-07-07 00:16:02: DEBUG: add payload of len 52, next type 13 2012-07-07 00:16:02: DEBUG: add payload of len 16, next type 0 2012-07-07 00:16:02: ERROR: *phase1 negotiation failed due to send error. dad1f78e51bb5b7e:0000000000000000* 2012-07-07 00:16:02: ERROR: failed to begin ipsec sa negotication. I think I know what it is though, I recompiled the kernel with just option IPSEC the first time and I got an error about unable to set a flag on the rl0 interface, so I found out if you add option IPSEC_NAT_T in there the error goes away. So I am recompiling the kernel with just IPSEC. I'll let you know how it works after its done. It takes awhile, its an old Pentium 4 machine with 400 M of ram and a laptop. The AMD 6 core w/16 G ram I hope one day to set up to run FreeBSD will be much nicer. _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
