wrote:
>
> Hmmm,
>
> Maybe I do some error using gateway 10.20.0.1?
> Maybe I have to set something in route to network 10.10.1.x go
> through gif0 interface?
First of all, find out what the other side's configuration is. My
configuration was only a proposal.
--
rega
"David DeSimone" wrote:
> Maciej Suszko wrote:
> >
> > > So as you write they should set: ??
> > > 10.20.0.1 (my ip on gif device) <-> 78.x <-> 95.x <-> 10.10.1.90
> > > (other side)
> >
> > Yes, indeed.
> >
>
> > traffic between you and your peers, so doesn't it lead to a policy
> > loop of some sort? Will the IPSEC layer attempt to capture and
> > encrypt the IKE packets?
>
> Can you explain how I can check it? I'm new to it and I don't understand
> some things.
I've got such tunnels up and working - tunnel mode, encryption between
peers, without using any internal networks - strange, but working :) -
policy looks like that:
spdadd 195.x.x.x 213.x.x.x any -P out ipsec
    esp/tunnel/195.x.x.x-213.x.x.x/require;
spdadd 213.x.x.x 195.x.x.x any -P in ipsec
    esp/tunnel/213.x.x.x-195.x.x.x/require;
--
regards, Maciej Suszko.
u write they should set: ??
> 10.20.0.1 (my ip on gif device) <-> 78.x <-> 95.x <-> 10.10.1.90
> (other side)
Yes, indeed.
> And additionally I think I should correctly set the spd policy to:
>
> spdadd 10.20.0.1 10.10.1.90 any -P out ipsec
> esp/tunnel/78.x.x.x-95.x.x.x/require;
> spdadd 10.10.1.90 10.20.0.1 any -P in ipsec
> esp/tunnel/95.x.x.x-78.x.x.x/require;
>
> Am I wrong?
No, you're right :)
You can set up the tunnel first - check whether both 10. are accessible
from both sides, then you "cover" communication between them with IPSEC.
--
regards, Maciej Suszko.
time 3600 sec;
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compression_algorithm deflate;
}
The other side needs to know you have 10.20.0.1 on your side of the
tunnel - this way you should have working IPSEC between both 10. ends.
--
regards, Maciej Suszko.
ailing list. It was a year
> > ago or so...
1) Answer below the text.
2) The 'reboot' command should be used only when you're in single mode.
Use shutdown -r to clean reboot as written in reboot(8) and
shutdown(8).
I haven't looked at the script, but I think everything should be fine
if modules are loaded on boot and unloaded before reboot (within some
start/stop action).
--
regards, Maciej Suszko.
nother problem is I can't put ipvs_vs_rr_load="yes" in the
> /boot/loader.conf file. The system will hang when it tried to boot the
> kernel with this ko loaded.
Hi,
Check the freebsd-cluster archive - AFAIR I've tested ipvs+keepalived a
time ago and the panic problem wa
same nic?
>
> Or can ifconfig accomplish this task by someway else other than
> issuing the command twice?
Use ifconfig_rl0_alias0 for the second task.
--
regards, Maciej Suszko.