https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273533
Zhenlei Huang changed:
What|Removed |Added
CC||jhar...@widomaker.com
--- Comment
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273533
--- Comment #7 from Andrew Cagney ---
(In reply to Zhenlei Huang from comment #6)
Yes the problem is (was) in fping 5.0 packaged by FreeBSD but that is old. The
issue is confirmed fixed in the latest version 5.1. Can fping please be
updat
Me wrote:
> On 15. Jan 2024, at 16:15, Michael Grimm wrote:
>
> Marek Zarychta wrote:
>> W dniu 15.01.2024 o 15:35, Michael Grimm pisze:
>
>>> route_tunnel0="fd00:a:a:a::/64 fd00:a:a:a::254"
>
>> Please try:
>> route_tunnel0="-6 -net fd00:a:a:a::/64 fd00:a:a:a::254"
>
> Bingo! That did the t
Marek Zarychta wrote:
> W dniu 15.01.2024 o 15:35, Michael Grimm pisze:
>> route_tunnel0="fd00:a:a:a::/64 fd00:a:a:a::254"
> Please try:
> route_tunnel0="-6 -net fd00:a:a:a::/64 fd00:a:a:a::254"
Bingo! That did the trick:
Internet6:
Destination Gateway
W dniu 15.01.2024 o 15:35, Michael Grimm pisze:
route_tunnel0="fd00:a:a:a::/64 fd00:a:a:a::254"
Please try:
route_tunnel0="-6 -net fd00:a:a:a::/64 fd00:a:a:a::254"
--
Marek Zarychta
Andrey V. Elsukov wrote:
> ifconfig_ipsec0_ipv6="inet6 fd00:b:b:b::250 fd00:a:a:a::254 prefixlen 128"
Thanks, now do get the tunnel set (after adding the tunnel to your hint):
ifconfig_ipsec0="inet 10.2.2.250 10.1.1.254 tunnel 1.2.3.4 10.20.30.40"
ifconfig_ipsec0_ipv6="inet6 fd00:b:b:
On 15.01.2024 16:09, Michael Grimm wrote:
Hi,
I do use an ipsec tunnel for routing local IPv4 traffic for years now
(/etc/rc.conf):
cloned_interfaces="ipsec0"
static_routes="tunnel0"
create_args_ipsec0="reqid 104"
ifconfig_ipsec0="
Hi,
I do use an ipsec tunnel for routing local IPv4 traffic for years now
(/etc/rc.conf):
cloned_interfaces="ipsec0"
static_routes="tunnel0"
create_args_ipsec0="reqid 104"
ifconfig_ipsec0="inet 10.2.2.250 10.1.1.254 tunnel 1.2.3.4 10.20.30.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273533
--- Comment #6 from Zhenlei Huang ---
(In reply to Andrew Cagney from comment #4)
> freebsdw# ping -c 1 192.1.2.23
> PING 192.1.2.23 (192.1.2.23): 56 data bytes
> 64 bytes from 192.1.2.23: icmp_seq=0 ttl=64 time=0.XXX ms
> --- 192.1.2.23 pi
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273533
--- Comment #5 from Andrew Cagney ---
I've also posted this up-up-stream
https://groups.google.com/g/fping-users/c/gLzZP3h1a80
--
You are receiving this mail because:
You are the assignee for the bug.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273533
--- Comment #4 from Andrew Cagney ---
(In reply to Zhenlei Huang from comment #3)
> Have you tried `ping` instead of `fping` ?
good question, the plot thickens:
make: Leaving directory '/home/libreswan/wip-webkvm/testing/libvirt'
--- MAS
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273533
Zhenlei Huang changed:
What|Removed |Added
CC||z...@freebsd.org
--- Comment #3 fr
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273533
Andrew Cagney changed:
What|Removed |Added
Version|13.2-STABLE |14.0-RELEASE
--- Comment #2 from A
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273533
--- Comment #1 from Andrew Cagney ---
More data points:
- it isn't ESN; both FreeBSD->linux (ESN=yes) and FreeBSD->NetBSD (ESN=no) show
this
- it isn't aes_gcm; AES_CBC_128-HMAC_SHA1_96 has same behaviour (aes_gcm was
broken in libreswan 4
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273533
Mark Linimon changed:
What|Removed |Added
Assignee|b...@freebsd.org|n...@freebsd.org
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=56233
Eitan Adler changed:
What|Removed |Added
Status|In Progress |Open
--- Comment #9 from Eitan Adler
On 20 Jul 2017, at 22:02, Kajetan Staszkiewicz wrote:
Yet for a reason beyond my understanding FreeBSD handbook proposes a
3rd mode:
using a GIF tunnel together with IPSec tunnel mode. I really don't
understand
how is that supposed to work. People On The Internet also seem not to
be
Hi group,
For many years I have used the trick of running a GRE or GIF tunnel encrypted
with IPSec transport mode, both on FreeBSD and Linux. That allows me to run
BGP or OSPF on the tunnels.
I am also aware of IPsec tunnel mode which kind of works for me, although is
not my personal choice
Michael Grimm wrote:
Nevermind, I solved my issue. It has been a minor typo with major consequences.
> Configuration (shown for hostA, only):
>
> setkey.conf
> # hostA hostB
> hostA hostB
> spdadd 10.1.1.0/
Hi --
I am referring to the following (simplified) setup:
[hostA /ix0 / 2001:dead::1 / 1.2.3.4] <===== IPsec tunnel => [hostB / ix0 /
2001:beef::10 / 10.20
Hi —
Is there a way to set the default outgoing IPv6 address of a network interface?
To my understanding the IPv6 address is used that is bound to the interface by
ifconfig_IFNAME_ipv6, right?
I need to route all my traffic to a remote server via an IPSEC tunnel (racoon)
that has a
Julian Elischer wrote:
>
> On 27/12/2015 4:24 AM, Michael Grimm wrote:
>> I am currently stuck, somehow, and I do need your input. Thus, let me
>> explain, what I do want to achieve:
>>
>> I do have two servers connected via an ipsec/tunnel ...
>
On 27/12/2015 4:24 AM, Michael Grimm wrote:
Hi,
I am currently stuck, somehow, and I do need your input. Thus, let me explain,
what I do want to achieve:
I do have two servers connected via an ipsec/tunnel ...
[A] dead:beef:1234:abcd::1 <—> dead:feed:abcd:1234::1 [B]
… wh
Hi,
I am currently stuck, somehow, and I do need your input. Thus, let me explain,
what I do want to achieve:
I do have two servers connected via an ipsec/tunnel ...
[A] dead:beef:1234:abcd::1 <—> dead:feed:abcd:1234::1 [B]
… which is sending all traffic destined for dead:beef:123
Hi.
On 15.04.2014 10:27, Matt Lager wrote:
> Do you utilize PF as your firewalling platform, because I'm slightly
> suspicious that could be the cause.
I do.
Eugene.
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/free
Do you utilize PF as your firewalling platform, because I'm slightly
suspicious that could be the cause. In fact, it's a bit silly I haven't
disabled it entirely to see if that resolves my issues. I'll probably
run tests doing that tomorrow and will report back. PF did undergo a lot
of changes
Hi.
On 10.04.2014 02:15, Matt Lager wrote:
> I have used IPSEC tunnels w/ racoon to establish point to point VPN
> connections for a long time, with great success. I recently decided to
> upgrade one of my endpoints to 10.0-RELEASE from 9.2-RELEASE-p3. I
> didn't do an upgrade but did a fresh inst
I have used IPSEC tunnels w/ racoon to establish point to point VPN
connections for a long time, with great success. I recently decided to
upgrade one of my endpoints to 10.0-RELEASE from 9.2-RELEASE-p3. I
didn't do an upgrade but did a fresh installation of 10.0-RELEASE, but
applied the identi
Synopsis: [ipsec] IPv6-in-IPv4 does not work inside an ESP-only IPsec tunnel
Responsible-Changed-From-To: freebsd-net->ae
Responsible-Changed-By: ae
Responsible-Changed-When: Fri Apr 4 09:41:15 UTC 2014
Responsible-Changed-Why:
Take it.
http://www.freebsd.org/cgi/query-pr.cgi?pr=147
I'm trying to run an IPsec tunnel between a Linux router and a FreeBSD
router, but the FreeBSD router isn't passing any of the IPv6 traffic
(IPv4 works perfectly). I have the following in /etc/ipsec.conf:
spdadd 10.1.0.0/21 10.2.2.0/24 any -P out ipsec
esp/tunnel/192.0.2.1
Old Synopsis: IPv6-in-IPv4 does not work inside an ESP-only IPsec tunnel
New Synopsis: [ipsec] IPv6-in-IPv4 does not work inside an ESP-only IPsec tunnel
Responsible-Changed-From-To: freebsd-bugs->freebsd-net
Responsible-Changed-By: linimon
Responsible-Changed-When: Sun Jul 18 15:42:23 UTC 2
Synopsis: IPsec tunnel (ESP) over IPv6: MTU computation is wrong
Responsible-Changed-From-To: gnn->freebsd-net
Responsible-Changed-By: gnn
Responsible-Changed-When: Tue Jun 15 17:47:41 UTC 2010
Responsible-Changed-Why:
I'm not working on IPSec at the moment, handing this one bac
On Thu, Oct 01, 2009 at 10:00:35AM +0200, Zaidi, Abbas wrote:
> Thanks Yvan for the help
>
> The problem got solved by changing the in security policy, on SGW, from
> ipsec level require to use, but I'm still not clear what the real issue
> was. Why we can't use require on it.
This sounds like yo
reebsd.org]
Sent: Wednesday, September 30, 2009 6:08 PM
To: Zaidi, Abbas
Cc: freebsd-net@freebsd.org; Ansari, Fakhir; Khan, Fayyaz
Subject: Re: FreeBSD ipsec tunnel mode packet lost
On Wed, Sep 30, 2009 at 01:16:47PM +0200, Zaidi, Abbas wrote:
> Hi
Hi.
> I am having this strange problem est
On Wed, Sep 30, 2009 at 01:16:47PM +0200, Zaidi, Abbas wrote:
> Hi
Hi.
> I am having this strange problem establishing tunnel between FreeBSD and
> linux, my network setup is
[the setup]
> Once the SAs get negotiated I send a ping request from FreeBSDe to
> Linuxe. The packets get an ipsec heade
Hi
I am having this strange problem establishing tunnel between FreeBSD and
linux, my network setup is
Link2:216:76ff:febd:618c -|Link2::e -o-
Link1::e||Link1::f -o-
Link0::e|---Link0:212:17ff:fe5c:9466
FreeBSDe--|FreeBSDr|--
Thanks, this solved the problem. I think i was too tired and was
producing layer8 issues :)
Another question, what does the AES mean for racoon, is it AES256 or
AES128? I've seen both at some ipsec devices, and I haven't seen the
cipher size specified here.
On Thu, 16 Jul 2009 02:57:43 +0200
Jiga
Hi,
I think that you can't see any outgoing traffic because there is no spd rule
that matches any outgoing traffic ( from site A, ie you freebsd box) : this
just comes from your second spd rule where "in" should be "out" :
Try to replace the second rule:
spdadd 192.168.0.0/24 192.168.1.64/32 any
Hello,
I'd like to ask for a bit of a help.
I'd like to set up an IPSec VPN between two hosts, and I'm facing an
issue I can't solve myself.
The setup is the following:
It's a site-to-host VPN, from A to B.
At A side there's the fbsd gateway, it's a 7.2 box, everything is built
into the kernel,
Nerius,
This sounds like a DPD timeout. The Cisco VPN client or Cisco gateway is
probably not configured to use NAT-T or you are blocking UDP port 4500.
Using the static-port trick will help in some instances where a client
doesn't support NAT-T, but it also prevents multiple clients behind th
reeBSD-6 you
have to split this up in two lines, one nat and one pass.
Peter
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nerius Landys
Sent: Thursday, February 14, 2008 7:00 PM
To: freebsd-net@freebsd.org
Subject: PF firewall NAT and Windows IPSEC tu
Hi--
On Feb 14, 2008, at 9:59 AM, Nerius Landys wrote:
Howdy folks. I have several computers behind a FreeBSD router (NAT
192.168.0.x using OpenBSD's PF) . One of those computers is a Windows
machine which is using software called "Cisco Systems VPN Client" to
connect
to some other computer
Howdy folks. I have several computers behind a FreeBSD router (NAT
192.168.0.x using OpenBSD's PF) . One of those computers is a Windows
machine which is using software called "Cisco Systems VPN Client" to connect
to some other computers outside of our internal network. Our FreeBSD
router's conn
ny other way to configure the IPv6 IPsec tunnel?
Thanks.
Take a look here and see if this helps you at all:
https://www.secure-computing.net/wiki/index.php/IPv6_on_FreeBSD_6.2
-
Eric F Crist
Secure Computing Networks
e local IP address via
"ifconfig gif0 inet6 IPv6 address>", ifconfig will complain the parameters are invalid!
Is there any other way to configure the IPv6 IPsec tunnel?
Thanks.
Take a look here and see if this helps you at all:
https://www.secure-computing.net/wiki/index.
>", ifconfig will complain the parameters are invalid!
Is there any other way to configure the IPv6 IPsec tunnel?
Thanks.
BR,
Yi-Wen
Synopsis: IPsec tunnel (ESP) over IPv6: MTU computation is wrong
Responsible-Changed-From-To: freebsd-net->gnn
Responsible-Changed-By: bms
Responsible-Changed-When: Sun Sep 24 08:57:37 UTC 2006
Responsible-Changed-Why:
by request
http://www.freebsd.org/cgi/query-pr.cgi?pr=56
Synopsis: IPsec tunnel (ESP) over IPv6: MTU computation is wrong
Responsible-Changed-From-To: bms->freebsd-net
Responsible-Changed-By: bms
Responsible-Changed-When: Sat Sep 23 16:28:40 UTC 2006
Responsible-Changed-Why:
I must focus on more specific areas.
http://www.freebsd.org/cgi/query-pr.
ook at before I start filling PRs :=)
Regards,
Dmitry Andrianov
-Original Message-
From: Dmitry Andrianov
Sent: Friday, May 05, 2006 4:06 PM
To: 'Daniel Hartmeier'
Cc: 'freebsd-pf@freebsd.org'
Subject: RE: IPSEC tunnel problem
Ok, finally, IPSEC_FILTERGIF fixes th
I'm trying to setup FreeBSD 5.4 in tunnel mode with AH+ESP, what is
the appropriate spdadd syntax to pass to setkey to set this policy?
Currently I'm trying,
spdadd 192.168.1.60 192.168.1.250 any -P out ipsec
esp/tunnel/192.168.1.60-192.168.1.250/use
ah/tunnel/192.168.1.60-192.168.1.250/use;
spda
hi,
i have some questions regarding an ipsec tunnel
which i want to setup between two hosts (A, B),
but I want A and B to be in the same subnet.
what are the possibilities?
also, i might meet the following situation:
a)
A 10.0.0.10 <==> ipsec_gw <==> routers <==> ipsec_gw <
0.0.1
> Interface)===IPSEC TUNNEL===(200.0.0.2 Interface)<-(192.168.1.1
> Internal)-(192.168.0.1/24 Lan)
>
> I can see the packets from 192.168.0.2->192.168.1.1 under tcpdump of
> 200.0.0.2 as a (ipip) Packet from 200.0.0.1->200.0.0.2 having
> 192.168.0.2->192.168.1
Is it not possible to have the internal ip addresses of the tunnel
machines talk with other internal addresses on the other side of the tunnel?
Example Set Up:
Packets from say 192.168.0.2 to 192.168.1.1 and back
(192.168.0.0/24 Lan)-(192.168.0.1 Internal)->(200.0.0.1
Interface)===IPSEC TUN
Dear all,
I have a freebsd act as VPN gateway which support PPTP
and IPSec. I am trying to monitor those incoming
connections. For PPTP, I can use snmp to get ngx
status and statics. Is there any to monitor IPsec
tunnel like those PPTP connection?
Thanks,
Vincent Chen
On Fri, Apr 19, 2002 at 01:18:16PM -0700, Julian Elischer wrote:
> failing that, I have just had "contributed"
> some code that produces an actual "vlan" netgraph node.
> You attach it to the ethernet node.. I'm still
> reading it to work out what it does..
One thing worth noting. I'm pretty sur
< said:
> I don't know, but it may have problems setting promiscuous mode..
> is there such a thing in vlan mode?
Certainly -- but the other VLANs configured on the same interface have
to be prepared to appropriately ignore the traffic they receive that
isn't addressed to them.
-GAWollman
To
apparently, though I am still trying to understand it..
On Fri, 19 Apr 2002, Terry Lambert wrote:
> Julian Elischer wrote:
> >
> > failing that, I have just had "contributed"
> > some code that produces an actual "vlan" netgraph node.
> > You attach it to the ethernet node.. I'm still
> > read
On Fri, 19 Apr 2002, Terry Lambert wrote:
>
> Julian's approach would put the vlan's on ng_ether, which
> would push through the code that does the bridging. Last
> December 20 on -net, he said the code for a VLAN netgraph
> node was being donated by "this French committer" (sorry, I
> don't
On Fri, Apr 19, 2002 at 02:01:49PM -0700, Terry Lambert wrote:
> Luigi Rizzo wrote:
> > i recently (late february) made some commits that among other
> > things enabled the native bridging in FreeBSD to work on vlans.
> > Both on -stable and -current.
>
> OK, then I'm out of date.
>
> Does this
Luigi Rizzo wrote:
> i recently (late february) made some commits that among other
> things enabled the native bridging in FreeBSD to work on vlans.
> Both on -stable and -current.
OK, then I'm out of date.
Does this work with ip.fastforwarding?
-- Terry
To Unsubscribe: send mail to [EMAIL PRO
Julian Elischer wrote:
>
> failing that, I have just had "contributed"
> some code that produces an actual "vlan" netgraph node.
> You attach it to the ethernet node.. I'm still
> reading it to work out what it does..
Is this the "VLAN implemented in Netgraph" thing you were
talking about last D
Julian Elischer wrote:
> > Would imply it should just work to bridge vlan's via netgraph bridging.
> > As Archie said I have not tested this to prove how it does or does not
> > work since I haven't had a need to try it.
>
> I don't know, but it may have problems setting promiscuous mode..
> is t
i recently (late february) made some commits that among other
things enabled the native bridging in FreeBSD to work on vlans.
Both on -stable and -current.
cheers
luigi
On Fri, Apr 19, 2002 at 01:44:19PM -0700, Terry Lambert wrote:
> Archie Cobbs wrote:
> > Terry Lambert writes:
Archie Cobbs wrote:
> Terry Lambert writes:
> > Bridging doesn't work with the vlanX interface currently in FreeBSD.
>
> Why not?
>
> I believe you, I've just never used vlans and always assumed
> that they acted like normal Ethernet interfaces.
According to people in -questions on 18 Dec of la
failing that, I have just had "contributed"
some code that produces an actual "vlan" netgraph node.
You attach it to the ethernet node.. I'm still
reading it to work out what it does..
On Fri, 19 Apr 2002, Doug Ambrisko wrote:
> Archie Cobbs writes:
> | Terry Lambert writes:
> | > Bridging does
On Fri, 19 Apr 2002, Doug Ambrisko wrote:
> Archie Cobbs writes:
> | Terry Lambert writes:
> | > Bridging doesn't work with the vlanX interface currently in FreeBSD.
> |
> | Why not?
> |
> | I believe you, I've just never used vlans and always assumed
> | that they acted like normal Ethernet
Archie Cobbs writes:
| Terry Lambert writes:
| > Bridging doesn't work with the vlanX interface currently in FreeBSD.
|
| Why not?
|
| I believe you, I've just never used vlans and always assumed
| that they acted like normal Ethernet interfaces.
Same here:
a21p# ngctl list
There are 5 tot
Terry Lambert writes:
> Bridging doesn't work with the vlanX interface currently in FreeBSD.
Why not?
I believe you, I've just never used vlans and always assumed
that they acted like normal Ethernet interfaces.
-Archie
__
TECTED]>
> > Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > Sent: Thursday, April 18, 2002 2:44 AM
> > Subject: Re: vlan traffic over ipsec tunnel
> >
> >
> > > On Wed, Apr 17, 2002 at 09:11:28PM +0200, Peter J. Blok wrote:
> > > > Hi A
;
> Sent: Thursday, April 18, 2002 2:44 AM
> Subject: Re: vlan traffic over ipsec tunnel
>
>
> > On Wed, Apr 17, 2002 at 09:11:28PM +0200, Peter J. Blok wrote:
> > > Hi All,
> > >
> > > I'd like to accomplish the following: I have two locations, co
]>
Sent: Thursday, April 18, 2002 2:44 AM
Subject: Re: vlan traffic over ipsec tunnel
> On Wed, Apr 17, 2002 at 09:11:28PM +0200, Peter J. Blok wrote:
> > Hi All,
> >
> > I'd like to accomplish the following: I have two locations, connected
via an
> > IPSEC tun
Terry Lambert wrote:
> Bridging doesn't work with the vlanX interface currently in
> FreeBSD.
>
> Julian promised (last December) that he would be committing a
> VLAN netgraph node for doing VLAN "the right way", but I have
> not seen anything. I tried to ping him twice on this, but I
> think he
"Peter J. Blok" wrote:
> I'd like to accomplish the following: I have two locations, connected via an
> IPSEC tunnel. Is it possible to connect the vlans at both ends through the
> tunnel.
>
> Is this possible with existing software? What would it take to do som
On Wed, Apr 17, 2002 at 09:11:28PM +0200, Peter J. Blok wrote:
> Hi All,
>
> I'd like to accomplish the following: I have two locations, connected via an
> IPSEC tunnel. Is it possible to connect the vlans at both ends through the
> tunnel.
>
> Is this possible wi
>
> I'd like to accomplish the following: I have two locations, connected via an
> IPSEC tunnel. Is it possible to connect the vlans at both ends through the
> tunnel.
>
> Is this possible with existing software? What would it take to do something
> like this?
>
> Peter
>
Hi All,
I'd like to accomplish the following: I have two locations, connected via an
IPSEC tunnel. Is it possible to connect the vlans at both ends through the
tunnel.
Is this possible with existing software? What would it take to do something
like this?
Peter
u seem to have lost me..)
There are TWO ways of doing this:
1. IPsec tunnel mode
- you don't need any gifs
- you must use IPsec selectors to match & forward your traffic
2. IPIP tunnels + transport mode
- you do need gifs but ONLY with IPsec TRANSPORT mod
At 13:36 9-4-2002 +0200, Dennis Pedersen wrote:
>Uhm okai, but where do i see the port number for the 2 natd processes?, can
>i specify it somewhere or?
From natd(8):
-port | -p port
Read from and write to divert(4) port port, distinguishing
packets as
- Original Message -
From: "Lars Eggert" <[EMAIL PROTECTED]>
To: "Dennis Pedersen" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, April 09, 2002 6:18 PM
Subject: Re: IPsec tunnel mode
> Dennis Pedersen wrote:
> > But uhm is
Dennis Pedersen wrote:
> But uhm is there a 'simple' way of doing this?
Did you look at the KAME newsletters? (URL in a previous email)
Lars
--
Lars Eggert <[EMAIL PROTECTED]> Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
ipfw add divert natd can tell the
> difference between te 2 sessions of natd)
Both setup instructions you gave URLs for are broken in the respect that
they tell you to set up IPIP tunnels and IPsec tunnel mode SAs in
parallel. IPsec tunnel mode under KAME does not use gif interfaces. This
wor
From: "Rogier R. Mulhuijzen" <[EMAIL PROTECTED]>
> At 12:16 9-4-2002 +0200, Dennis Pedersen wrote:
> >But uhm is there a 'simple' way of doing this? (as in just adding the IP
of
> >the other ends gif interface as destination in my routes?
> >The setup today is an exact copy of (other IP's of cours
At 12:16 9-4-2002 +0200, Dennis Pedersen wrote:
>But uhm is there a 'simple' way of doing this? (as in just adding the IP of
>the other ends gif interface as destination in my routes?
>The setup today is an exact copy of (other IP's of course)
>www.freebsddiary.org/ipsec-tunnel.php
>This works just
- Original Message -
From: "Lars Eggert" <[EMAIL PROTECTED]>
To: "Dennis Pedersen" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, April 08, 2002 11:23 PM
Subject: Re: IPsec tunnel mode
> Dennis Pedersen wrote:
> > Because on t
Rogier R. Mulhuijzen wrote:
> I'd like to hear how to do it the proper way though. Feel like clueing
> me in?
Check the KAME newsletters (e.g.
http://www.kame.net/newsletter/20001119/) for configuration examples.
There are also some examples in the IMPLEMENTATION and USAGE files under
CVS (we
At 14:20 8-4-2002 -0700, Lars Eggert wrote:
>There are no IPsec tunnel devices in KAME. IPsec defines "security
>associations" (SAs), which are not represented as devices in the routing
>table in KAME. Thus, you can't use routes to direct traffic into these
>tunnel m
Julian Elischer wrote:
> Assign the required address to the netgraph interface and then
> use the IP-over-UDP example in the netgraph examples.
Good idea. IP-over-UDP has advantages when it comes to firewall- and
NAT-traversal. IP-over-IP has the advantage that it looks like IPsec
tunne
:
> Rogier R. Mulhuijzen wrote:
> >> http://www.x-itec.de/projects/tuts/ipsec-howto.txt
> >
> > Unfortunately this howto, like any other mention of IPsec &
> > tunneling on the net uses the gif interface. Which is IPoverIP, and
> > this does not
Dennis Pedersen wrote:
> Because on the [EMAIL PROTECTED] Lars Eggert said something about using
> transport mode, not tunnel mode. This confused me a bit because isnt
> transport between 2 hosts only
I said a possibility would be to use IPsec transport mode OVER AN IPIP
TUNNEL, which is not he
Rogier R. Mulhuijzen wrote:
>> http://www.x-itec.de/projects/tuts/ipsec-howto.txt
>
> Unfortunately this howto, like any other mention of IPsec &
> tunneling on the net uses the gif interface. Which is IPoverIP, and
> this does not seem to match with IPsec tunnel
- Original Message -
From: "Rogier R. Mulhuijzen" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, April 08, 2002 8:04 PM
Subject: IPsec tunnel mode
> I've been following the KAME vs. OpenBSD IPsec thread somewhat, and I
> gather that IPsec tun
ther mention of IPsec & tunneling on
the net uses the gif interface. Which is IPoverIP, and this does not seem
to match with IPsec tunnel devices.
I quote the gif(4) manpage:
"For example, you cannot usually use gif to talk with IPsec devices that
use IPsec tunnel mode."
The problem
check out this link... they were a great deal of help to me when i went
to setup ipsec on freebsd...
Best wishes
Hytekblue
http://www.x-itec.de/projects/tuts/ipsec-howto.txt
> At 20:04 8-4-2002 +0200, Rogier R. Mulhuijzen wrote:
> >My question is, can one get IPsec tunne
At 20:04 8-4-2002 +0200, Rogier R. Mulhuijzen wrote:
>My question is, can one get IPsec tunnel mode to work in BSD, and how is
>it done? I do not need a lengthy story, a few terse pointers would be
>quite enough.
Pardon me. I meant FreeBSD not BSD.
Doc
I've been following the KAME vs. OpenBSD IPsec thread somewhat, and I
gather that IPsec tunnel mode is not the same as using the gif interface
(which is IPIP).
My question is, can one get IPsec tunnel mode to work in BSD, and how is it
done? I do not need a lengthy story, a few terse poi
On Wed, 20 Mar 2002 14:44:06 -0800
Lars Eggert <[EMAIL PROTECTED]> hit the keyboard and punched:
> No, there is an (older) KAME included in FreeBSD; however that one
> doesn't yet represent SAs in the routing table as interfaces.
I still do not understand whether I need KAME or not? What would i
Rickard Borgmäster wrote:
>>It looks like the OpenBSD IPsec implementation integrates IPsec tunnel
>>mode SAs with the routing table (good!) FreeBSD's KAME doesn't (yet;
>>more recent KAME SNAPs have "device sec" which looks promising).
>
>
>
es won't show in the ordinary routing
> > table on FreeBSD?
>
> It looks like the OpenBSD IPsec implementation integrates IPsec tunnel
> mode SAs with the routing table (good!) FreeBSD's KAME doesn't (yet;
> more recent KAME SNAPs have "device sec" whi
Rickard Borgmäster wrote:
> I've established a tunnel between my home FreeBSD host and a corporate
> OpenBSD firewall.
IPsec tunnel I assume?
> I can see this at OpenBSD box:
> # netstat -rn
> [...]
> Port DestinationPort Proto SA(Address/Proto/Type/Dir
Dunno if this belongs to net or security but...
I've established a tunnel between my home FreeBSD host and a corporate
OpenBSD firewall. This works just fine. Well, works, but not good enough.
Specs:
home:
FreeBSD 4.5
IPF
pub-ip: 130.236.218.63
priv-net: 192.168.2.0/24
office:
OpenBSD 3.0-stabl