I have two freebsd 5.0 boxes authenticating at stage one of the VPN, however stage 2
fails. with:
ph2begin_r(): respond new phase 2 negotiation: 10.0.0.1[0]<=>10.0.0.2[0]
get_proposal_r(): no policy found: 10.0.0.2/32[0] 0.0.0.0/0[0] proto=any dir=in
quick_r1recv(): failed to get proposal for responder.
_ph2begin_r(): failed to pre-process packet.
I'm a bit new too this, so I'm guessing the lack of a policy refers to my SPD
Database. Setkey -DP looks like this:
0.0.0.0/0[any] 10.0.0.1[any] any
in ipsec
esp/tunnel/10.0.0.2-10.0.0.1/require
spid=19 seq=1 pid=770
refcnt=1
10.0.0.1[any] 0.0.0.0/0[any] any
out ipsec
esp/tunnel/10.0.0.1-10.0.0.2/require
spid=18 seq=0 pid=770
refcnt=1
As I understand it, this means all packets heading too or from 10.0.0.1 must be
encapsulated (which is what I want, as I'm running a VPN between too FreeBSD gateway
boxes). If I replace the 0.0.0.0/0 with the IP of the other boxes inteface (i.e.
10.0.0.2) the VPN works between 10.0.0.1<->10.0.0.2, but other traffic from other
interfaces is not encrypted. Any help in resolving/understanding this issue is greatly
appericated.
Many Thanks
Colin
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
