Re: VPN with FAST_IPSEC and ipsec tools

2006-06-26 Thread Michael Vince
David DeSimone wrote: - -- David DeSimone == Network Admin == [EMAIL PROTECTED] I got it going! Its working like a dream now. I don't have a for sure reason why it wasn't working but my best guess is it was one that actually boiled down to a silly mistake as you suggested. I feel quite si

Re: VPN with FAST_IPSEC and ipsec tools

2006-06-26 Thread Michael Vince
David DeSimone wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David DeSimone <[EMAIL PROTECTED]> wrote: Hmm... In examining my kernel configuration I found these options: options IPSEC options IPSEC_ESP options IPSEC_DEBUG # options IPSEC_FILTERGIF # opt

Re: VPN with FAST_IPSEC and ipsec tools

2006-06-25 Thread David DeSimone
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David DeSimone <[EMAIL PROTECTED]> wrote: > > Hmm... In examining my kernel configuration I found these options: > > options IPSEC > options IPSEC_ESP > options IPSEC_DEBUG > # options IPSEC_FILTERGIF > # options F

Re: VPN with FAST_IPSEC and ipsec tools

2006-06-25 Thread David DeSimone
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael Vince <[EMAIL PROTECTED]> wrote: > > After reloading ipsec and racoon I tried to do a traceroute from a > client behind the local gateway to a client behind the remote gateway, > it went off and did a typical traceroute through the gateway out

Re: VPN with FAST_IPSEC and ipsec tools

2006-06-25 Thread Michael Vince
David DeSimone wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael Vince <[EMAIL PROTECTED]> wrote: The main reason to use IPSEC tunnel mode and avoid GIF is that such a config is interoperable with other IPSEC implementations, and thus is much more useful in the real world.

Re: VPN with FAST_IPSEC and ipsec tools

2006-06-22 Thread David DeSimone
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael Vince <[EMAIL PROTECTED]> wrote: > > > The main reason to use IPSEC tunnel mode and avoid GIF is that such > > a config is interoperable with other IPSEC implementations, and thus > > is much more useful in the real world. > > OK that said, how

Re: VPN with FAST_IPSEC and ipsec tools

2006-06-22 Thread Michael Vince
David DeSimone wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brian Candler <[EMAIL PROTECTED]> wrote: Ah, I guess this means you're following the instructions in the FreeBSD handbook, which last time I looked gave a most bizarre and unnecessary way of setting up IPSEC (GIF tunneling

Re: VPN with FAST_IPSEC and ipsec tools

2006-06-21 Thread Giorgos Keramidas
On 2006-06-16 12:02, Doug Barton <[EMAIL PROTECTED]> wrote: > David DeSimone wrote: > > I ran into the same thing when analyzing the handbook's examples, and > > quickly abandoned the handbook when writing my own configs. > > Those who are more knowledgeable on this topic might want to > consider w

Re: VPN with FAST_IPSEC and ipsec tools

2006-06-19 Thread Michael Vince
Brian Candler wrote: On Fri, Jun 16, 2006 at 01:43:54PM +1000, Michael Vince wrote: I have setup the GRE tunneling and that is working fine doing pings and tracerts when I disable ipsec and ipsec-tools, its just the encryption side thats the problem. Ah, I guess this means you're f

Re: VPN with FAST_IPSEC and ipsec tools

2006-06-16 Thread Doug Barton
David DeSimone wrote: > I ran into the same thing when analyzing the handbook's examples, and > quickly abandoned the handbook when writing my own configs. Those who are more knowledgeable on this topic might want to consider writing an update, or an entirely new section for this. You don't need

Re: VPN with FAST_IPSEC and ipsec tools

2006-06-16 Thread David DeSimone
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brian Candler <[EMAIL PROTECTED]> wrote: > > Ah, I guess this means you're following the instructions in the > FreeBSD handbook, which last time I looked gave a most bizarre and > unnecessary way of setting up IPSEC (GIF tunneling running on top of > I

Re: VPN with FAST_IPSEC and ipsec tools

2006-06-16 Thread Brian Candler
On Fri, Jun 16, 2006 at 01:43:54PM +1000, Michael Vince wrote: > I have setup the GRE tunneling and that is working fine doing pings and > tracerts when I disable ipsec and ipsec-tools, its just the encryption > side thats the problem. Ah, I guess this means you're following the instructions in