On 6/22/2010 3:55 PM, r...@dzie-ciuch.pl wrote:
I managed to do an IP in IP tunnel with IPsec encryption between a
FreeBSD and a cisco router running 12.1(mumble) several years ago.
It is a desirable option if you want to use routing (e.g. ospf). You
can't route an IPSec tunnel (actually, is th
But it's working!!
Ralf
On Wed, 23 Jun 2010 13:34:52 +0200, Maciej Suszko
wrote:
> wrote:
>>
>> Hmmm,
>>
>> Maybe I do some error using gateway 10.20.0.1?
>> Maybe I have to set something in route to network 10.10.1.x go
>> through gif0 interface?
>
> First of all, find out what the other
Thanks guys it's working.
I couldn't ping 10.10.1.90 (external network) but they could ping me.
I got another question: How to set another tunnel to my host like:
10.20.0.1 (my gif0) --> 78.x.x.x (my bce1) <---> 78.y.y.y <--> 10.20.1.1
I copy 2 lines (with changing IPs) so now I got 4 lines
wrote:
>
> Hmmm,
>
> Maybe I do some error using gateway 10.20.0.1?
> Maybe I have to set something in route to network 10.10.1.x go
> through gif0 interface?
First of all, find out what the other side configuration is. My
configuration was only proposal.
--
regards, Maciej Suszko.
Hmmm,
Maybe I do some error using gateway 10.20.0.1?
Maybe I have to set something in route to network 10.10.1.x go through
gif0 interface?
Ralf
On Wed, 23 Jun 2010 10:58:31 +0200, VANHULLEBUS Yvan
wrote:
> On Wed, Jun 23, 2010 at 10:52:19AM +0200, r...@dzie-ciuch.pl wrote:
> []
>> When
On Wed, Jun 23, 2010 at 10:52:19AM +0200, r...@dzie-ciuch.pl wrote:
[]
> When on one console I type tcpdump -i gif0 I don't receive any values!
> So I think I should set route do it right?
>
> Can you tell me how to do it?
>
> netstat -rn print something like this:
> DestinationGatewa
>
> Looks like, but if you still can't ping, you still have an issue
> somewhere :-)
>
> First, check that you now have ESP packets going out from your IPsec
> gate when you try to ping.
>
>
> Then, usual issues at that step are:
>
> - something on the way blocks ESP packets. Solution may be
On Wed, Jun 23, 2010 at 10:37:18AM +0200, r...@dzie-ciuch.pl wrote:
[...]
> > Do you also have later some logs like:
> > : INFO : IPsec-SA established: ESP/Tunnel
> >
>
> Yes I got:
>
> 2010-06-23 10:18:06: DEBUG: pfkey UPDATE succeeded: ESP/Tunnel
> 95.x.x.x[0]->78.x.x.x[0] spi=224712000(0xd6
On Wed, 23 Jun 2010 10:32:29 +0200, VANHULLEBUS Yvan
wrote:
> On Wed, Jun 23, 2010 at 10:28:48AM +0200, r...@dzie-ciuch.pl wrote:
>> Ok I found that my psk.txt has got wrong permissions
>
> Yes, we'll have to set up a more explicit error message when psk file
> has wrong permissions.
Ok. I
On Wed, Jun 23, 2010 at 10:28:48AM +0200, r...@dzie-ciuch.pl wrote:
> Ok I found that my psk.txt has got wrong permissions
Yes, we'll have to set up a more explicit error message when psk file
has wrong permissions.
> Now I can get SAD keys!
>
> ISAKMP-SA established 78.x.x.x[500]-95.x.x.x[
Ok I found that my psk.txt has got wrong permissions
Now I can get SAD keys!
ISAKMP-SA established 78.x.x.x[500]-95.x.x.x[500]
spi:8a8881ee5182cbfb:53dab6ad5a65629d
But one thing - why can't I ping 10.10.1.90?
Regards
Ralf
On Wed, 23 Jun 2010 10:05:55 +0200, VANHULLEBUS Yvan
wrote:
> On Wed
On Wed, Jun 23, 2010 at 09:53:56AM +0200, r...@dzie-ciuch.pl wrote:
>
> Hi,
Hi.
> I set everything like you wrote and I can send and receive packets but
> still I can't ping to host 10.10.1.90,
> and when I type #setkey -D there is no SAD entry
>
> What could it be?
>
> This is part of racoon
Hi,
I set everything like you wrote and I can send and receive packets but
still I can't ping to host 10.10.1.90,
and when I type #setkey -D there is no SAD entry
What could it be?
This is part of racoon log:
Jun 23 09:43:57 czesio racoon: DEBUG: ===
Jun 23 09:43:57 czesio racoon: DEBUG: comp
Hi.
On Tue, Jun 22, 2010 at 07:08:19PM +0200, Maciej Suszko wrote:
[]
> Set up a gif tunnel in rc.conf:
>
> cloned_interfaces="gif0"
> ifconfig_gif0="tunnel 78.x.x.x 95.x.x.x"
> ifconfig_gif0_alias0="10.20.0.1 netmask 255.255.255.255 10.10.1.90"
>
> 10.20.0.1 is your internal end of the tunn
wrote:
> I forgot send last time - on the other side is cisco router ...
Perhaps vpnc would be easier to set up than racoon?
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail t
>
> I managed to do an IP in IP tunnel with IPsec encryption between a
> FreeBSD and a cisco router running 12.1(mumble) several years ago.
>
> It is a desirable option if you want to use routing (e.g. ospf). You
> can't route an IPSec tunnel (actually, is this now possible with enc0
> inter
On 6/22/2010 2:22 PM, David DeSimone wrote:
Maciej Suszko wrote:
So as you write they should set: ??
10.20.0.1 (my ip on gif device)<-> 78.x<-> 95.x<-> 10.10.1.90
(other side)
Yes, indeed.
And additionally I think I should correct set spd policy to:
spdadd 10.20.0.1 10.10.1.90 any -P o
"David DeSimone" wrote:
> Maciej Suszko wrote:
> >
> > > So as you write they should set: ??
> > > 10.20.0.1 (my ip on gif device) <-> 78.x <-> 95.x <-> 10.10.1.90
> > > (other side)
> >
> > Yes, indeed.
> >
> > > And additionally I think I should correct set spd policy to:
> > >
> > > spdadd 1
Thanks guys, I try it tomorrow and I send you if it works or not.
Regards
Ralf
On Tue, 22 Jun 2010 20:26:36 +0200, Maciej Suszko
wrote:
> wrote:
>>
>> Hi,
>>
>> I try to set VPN like I wrote earlier.
>> 78.x is server and this is not NAT. He don't forward anything.
>>
>> >> I try to configur
wrote:
>
> Hi,
>
> I try to set VPN like I wrote earlier.
> 78.x is server and this is not NAT. He don't forward anything.
>
> >> I try to configure VPN over my server and my client
> >>
> >> Scheme is like this
> >> 78.x.x.x <--> 95.x.x.x <--> 10.10.1.90
> >
> > Are you trying to set up IPSEC
Maciej Suszko wrote:
>
> > So as you write they should set: ??
> > 10.20.0.1 (my ip on gif device) <-> 78.x <-> 95.x <-> 10.10.1.90
> > (other side)
>
> Yes, indeed.
>
> > And additionally I think I should correct set spd policy to:
> >
> > spdadd 10.20.0.1 10.10.1.90 any -P out ipsec
> > esp/tu
r...@dzie-ciuch.pl wrote:
>
> >> 78.x.x.x <--> 95.x.x.x <--> 10.10.1.90
>
> I try to set VPN like I wrote earlier.
> 78.x is server and this is not NAT. He don't forward anything.
>
> I try to set tunnel behind my server 78.x and gateway 95.x translating
> packets to 10.x. I can only set 78.x si
wrote:
>
>
> >> Hmmm, aggressive mode didn't help :(
> >> Still I got only negotiation, so I try to send packets but I don't
> >> receive it at all.
> >>
> >> On my server 78.x.x.x I got ipfw allow all from any to any.
> >> On the other side 95.x.x.x they tell me that they do it everything
> >>
>> Hmmm, aggressive mode didn't help :(
>> Still I got only negotiation, so I try to send packets but I don't
>> receive it at all.
>>
>> On my server 78.x.x.x I got ipfw allow all from any to any.
>> On the other side 95.x.x.x they tell me that they do it everything
>> right - only I can't conn
Hi,
I try to set VPN like I wrote earlier.
78.x is server and this is not NAT. He don't forward anything.
>> I try to configure VPN over my server and my client
>>
>> Scheme is like this
>> 78.x.x.x <--> 95.x.x.x <--> 10.10.1.90
>
> Are you trying to set up IPSEC tunneling of networks behind the
wrote:
>
> Hmmm, aggressive mode didn't help :(
> Still I got only negotiation, so I try to send packets but I don't
> receive it at all.
>
> On my server 78.x.x.x I got ipfw allow all from any to any.
> On the other side 95.x.x.x they tell me that they do it everything
> right - only I can't co
r...@dzie-ciuch.pl wrote:
>
> I try to configure VPN over my server and my client
>
> Scheme is like this
> 78.x.x.x <--> 95.x.x.x <--> 10.10.1.90
Are you trying to set up IPSEC tunneling of networks behind these
gateways, or are you only trying to secure traffic between the peers
themselves?
Th
Hmmm, aggressive mode didn't help :(
Still I got only negotiation, so I try to send packets but I don't receive
it at all.
On my server 78.x.x.x I got ipfw allow all from any to any.
On the other side 95.x.x.x they tell me that they do it everything right -
only I can't connect :(
Maybe I don't
On Tue, Jun 22, 2010 at 05:11:58PM +0200, r...@dzie-ciuch.pl wrote:
>
> Hi,
>
> Thanks for help
>
> I'm new to it and I never use VPN, only I have to do it.
> Please tell me how to check peer's log? I don't know how to check it?
If that's really a firewall-1 as said in comments, I just don't
know.
Hi,
Thanks for help
I'm new to it and I never use VPN, only I have to do it.
Please tell me how to check peer's log? I don't know how to check it?
Have I change my racoon.conf exchange to aggressive, main?
I forgot send last time - on the other side is cisco router, maybe this is
important
Regar
On Tue, Jun 22, 2010 at 03:59:50PM +0200, r...@dzie-ciuch.pl wrote:
>
> Hi,
Hi.
> I try to configure VPN over my server and my client
[]
According to your racoon's debug (and confirmed by tcpdump), racoon
tries to initiate a phase1 negotiation, but never gets any answer from
peer, so you m
Hi,
I try to configure VPN over my server and my client
Scheme is like this
78.x.x.x <--> 95.x.x.x <--> 10.10.1.90
When I try to ping 10.10.1.90, all packets are lost.
What can I change to run it?
Thanks
This is my setting:
# setkey -DP
10.10.1.90[any] 78.x.x.x[any] any
in ipsec