Hello! сб, 4 мая 2019 г. в 21:01, Scott Aitken <freebsd-list...@thismonkey.com>:
> > On 5/2/2019 4:16 PM, KOT MATPOCKuH wrote: > > > 0.The ipsec-tools port currently does not have a maintainer (C) > portmaster > > > ... Does this solution really supported? Or I should switch to use > > > another IKE daemon? > > I've just started using IPSEC between a 12.0-RELEASE box, a 11.2-RELEASE-p9 > box and a Cisco IOS router. > What type of peers_identifier are You using? I'm using asn1dn... And today I got a coredump on 3rd host in: #0 0x000000000024717f in privsep_init () I haven't seen any core dumps or crashes. I run routing between these > devices (using RIPv2 rather than OSPF) - in order to do this you need to > create tunnels between the devices because encrypting routing protocols and > things that use multicast is tricky. I felt that that the handbook example > was lacking - it should have been encrypting the tunnel endpoints and NOT > the > LAN traffic on either side of the tunnel. > I used pointtomultipoint topology and hardcoded peer's IP addresses for OSPF. No multicast => no problems :) > Anyway I built IPENCAP (aka IPinIP) tunnels using gif interfaces and > configured racoon/ipsec-tools to build the SA/SADs using the tunnel > endpoints > and IP protocol 4 (IPENCAP). > I think my next step will be try to use gre tunnels over ipsec with psk authentication. If you want the configs let me know. > No, thanks You! :) -- MATPOCKuH _______________________________________________ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
