Ok, I see a switch for it in the setkey(8) man page but I can't seem to get it
to take. I keep getting an invalid argument.
Here is the man page section:
extensions
    takes some of the following:

    -m mode    Specify a security protocol mode for use. By default, any.
               mode is one of the following: transport, tunnel or any.
    -r size    Specify window size of bytes for replay prevention. size
               must be a decimal number in 32-bit word. If size is zero or
               not specified, the replay check does not take place.
    -f pad_option
               pad_option is one of the following: zero-pad, random-pad or
               seq-pad
    -f cyclic-seq
               Allow cyclic sequence number.
    -lh time
    -ls time   Specify hard/soft lifetime.
add x.x.x.x y.y.y.y esp 9983 -m any -f cyclic-seq -E 3des-cbc "mysecret";
add y.y.y.y x.x.x.x esp 9984 -m any -f cyclic-seq -E 3des-cbc "mysecret";
Has something changed on this that I can't find the info on?
Brandt Everett
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
e-mail: [EMAIL PROTECTED]
webpage: www.bentonrea.com
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Matt Dillon
> Sent: Thursday, May 24, 2001 1:16 PM
> To: Brandt Everett
> Cc: [EMAIL PROTECTED]
> Subject: Re: FreeBSD and IPSEC
>
>
> :I have two remote offices. I am running FreeBSD ver 4.0R on all three
> :firewalls. I would like to create two VPNs between the remote offices and
> :our HQ here. I can create a VPN connection using the gif and
> :esp/tunnel//require, without the racoon, but from time to time the remote
> :offices lose communication with the HQ. If I allow routing between the
> :remote sites, without the VPN or encryption they work just fine. There are
> :some ipfw rules in place, but this happens even if I open the firewall up
> :all the way.
> :
> :Does anyone have any suggestions for troubleshooting this? Any ideas on
> :where to continue looking for problems? I'm not looking for answers (unless
> :you got them) I'm looking for the next place to look.
> :
> :Brandt Everett
>
> I did an IPSEC tunnel once with the same problem. It turned out that
> cyclic sequence numbers were not being allowed (I guess for security
> reasons). Any sort of packet loss caused the VPN to stop working.
> Allowing cyclic sequence numbers fixed the problem.
>
> Unfortunately, this was a year ago so I don't have the config file
> to show you. I'm not sure where you specify it in the config.
>
> -Matt
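As an added example (not from Brandt's or Matt's messages), here is a setkey(8) configuration file for the two-office case that uses the extensions quoted above: tunnel mode on each SA, a replay window set with -r so that replay checking is actually on, and an explicit authentication algorithm. The addresses, SPIs and keys are made-up placeholders; note that setkey rejects keys of the wrong length (3des-cbc needs 192 bits, hmac-sha1 160 bits), so the keys are given as hex rather than as a short quoted string.

```conf
# Added example setkey.conf: HQ (203.0.113.1) <-> remote office (198.51.100.1).
# All addresses, SPIs and keys below are constructed placeholders.
flush;
spdflush;

# Security associations, one per direction.
# -m tunnel : tunnel mode, the whole inner packet is encapsulated
# -r 32     : replay window; the manual says that without -r (or with -r 0)
#             no replay check is done at all
# -E 3des-cbc takes exactly 192 bits (24 bytes) of key, -A hmac-sha1 160 bits
add 203.0.113.1 198.51.100.1 esp 9983 -m tunnel -r 32
    -E 3des-cbc 0x000102030405060708090a0b0c0d0e0f1011121314151617
    -A hmac-sha1 0x0f0e0d0c0b0a09080706050403020100f1f2f3f4;
add 198.51.100.1 203.0.113.1 esp 9984 -m tunnel -r 32
    -E 3des-cbc 0x18191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f
    -A hmac-sha1 0xf4f3f2f1000102030405060708090a0b0c0d0e0f;

# Security policies: require ESP tunnelling for traffic between the two LANs
# (192.168.1.0/24 behind HQ, 192.168.2.0/24 behind the remote office).
spdadd 192.168.1.0/24 192.168.2.0/24 any -P out ipsec
    esp/tunnel/203.0.113.1-198.51.100.1/require;
spdadd 192.168.2.0/24 192.168.1.0/24 any -P in ipsec
    esp/tunnel/198.51.100.1-203.0.113.1/require;
```

Load it with setkey -f and inspect the resulting SAs with setkey -D; the remote office gets the mirror image of the spdadd lines.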
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message