On 09/05/2018 10:06, peter.b...@bsd4all.org wrote:
Andrey,
I was planning to move towards Strongswan anyway. The 1st step (with 1
interface) worked great
Julian,
The idea of having a jail as VPN end-point is going to help me
transition step by step and possibly have both racoon and strongsw
>> I recommend to use strongswan, it has active developers that are
>> responsive and may give some help at least.
>
> Hi,
>
> Today I hacked ipsec-tools a bit, and made the patch that adds support
> for multiple if_ipsec interfaces.
>
> https://people.
Hi,
Today I hacked ipsec-tools a bit, and made the patch that adds support
for multiple if_ipsec interfaces.
https://people.freebsd.org/~ae/patch-reqid.diff
You can put this patch into ipsec-tools/files/ directory and then
rebuild the package. I'm not sure about compatibi
Andrey,
I was planning to move towards Strongswan anyway. The 1st step (with 1
interface) worked great
Julian,
The idea of having a jail as VPN end-point is going to help me transition step
by step and possibly have both racoon and strongswan active.
Thx,
Peter
> On 9 May 2018, at 03:08, Ju
On 8/5/18 9:51 pm, Andrey V. Elsukov wrote:
On 08.05.2018 14:03, peter.b...@bsd4all.org wrote:
Hi Victor,
I’m struggling with the same issue. My sainfo doesn’t match unless I
use anonymous.
Hi Andrey,
What I don’t understand is why a “catchall” policy is added instead
of the policy that matche
On 08.05.2018 14:03, peter.b...@bsd4all.org wrote:
> Hi Victor,
>
> I’m struggling with the same issue. My sainfo doesn’t match unless I
> use anonymous.
>
> Hi Andrey,
>
> What I don’t understand is why a “catchall” policy is added instead
> of the policy that matches the inner tunnel.
This is
Hi Victor,
I’m struggling with the same issue. My sainfo doesn’t match unless I use
anonymous.
Hi Andrey,
What I don’t understand is why a “catchall” policy is added instead of the
policy that matches the inner tunnel.
What is supposed to happen here? Is the IKE daemon supposed to update the
On 23/04/2018 15:43, Andrey V. Elsukov wrote:
Your security associations don't match your security policies.
Probably you did interfaces reconfiguration without clearing old SAs.
I think your configuration will work if you first do the if_ipsec(4)
configuration, then start racoon and it w
On 23.04.2018 15:10, Victor Gamov wrote:
> # setkey -D
> =
> __FreeBSD_IP__ __Cisco_30__
> esp mode=tunnel spi=2124688285(0x7ea42b9d) reqid=26(0x001a)
This must be 30 ^^^
> __FreeBSD_IP__ __Cisco_25__
> esp mode=tunnel spi=153891647(0x092c333f)
On 23/04/2018 14:13, Andrey V. Elsukov wrote:
On 21.04.2018 19:16, Victor Gamov wrote:
When I change ipsec-interfaces creation order then only last created
interface worked fine again and previously configured interfaces do
not work.
And very interesting fact: when I ping from remote 10.10.9
On 21.04.2018 19:16, Victor Gamov wrote:
> When I change ipsec-interfaces creation order then only last created
> interface worked fine again and previously configured interfaces do
> not work.
>
>
> And very interesting fact: when I ping from remote 10.10.98.5 for
> example to FreeBSD 10.10.98
On 20/04/2018 19:42, Andrey V. Elsukov wrote:
On 20.04.2018 18:48, Victor Gamov wrote:
More correct problem is: last configured ipsec interface tx/rx traffic
only. For my example:
- ping from 10.10.98.1 to 10.10.98.2 via ipsec30 is OK
- ping from 10.10.98.2 to 10.10.98.1 via ipsec30 is OK
-
On 20.04.2018 18:48, Victor Gamov wrote:
> More correct problem is: last configured ipsec interface tx/rx traffic
> only. For my example:
>
> - ping from 10.10.98.1 to 10.10.98.2 via ipsec30 is OK
>
> - ping from 10.10.98.2 to 10.10.98.1 via ipsec30 is OK
>
> - ping from 10.10.98.5 (Cisco) to
On 20/04/2018 13:04, Andrey V. Elsukov wrote:
On 20.04.2018 11:17, Victor Gamov wrote:
All local SA configured and established and remote side (Cisco routers)
report SA established too.
But traffic goes via only one ipsec-interface.
If you have all SAs established, you probably need to check
On 20.04.2018 11:17, Victor Gamov wrote:
> All local SA configured and established and remote side (Cisco routers)
> report SA established too.
>
> But traffic goes via only one ipsec-interface.
If you have all SAs established, you probably need to check your routing
configuration. Or at least te
Hi All
I have FreeBSD box (11.1-STABLE FreeBSD 11.1-STABLE #0 r327786) and
simple configuration with two if_ipsec configured like
=
ipsec25: flags=8051 metric 0 mtu 1400
description: -so: Sofy
tunnel inet IP-FreeBSD --> IP-Cisco-RTR-1
inet 10.10.98.6 --> 10.10.98.5