> > > - FreeBSD 4.2-RELEASE + KAME SNAP 200103xx has problem, but no kernel
> > > panic
> > right, shows the described problems but has no such kernel panics
>
> > > - FreeBSD 4.2-RELEASE + KAME SNAP 200104xx has problem, with kernel
> > > panic
> > actually I should test that. Will do tomorrow.
>
> /Shoichi Sakane @ KAME project/
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
# This thread is on three mailing lists...
> >> now, the problem is that the ${sohoip} is dynamically assigned
> >> with DHCP. How can the gateway at the headquarter know that
> >> ${sohoip} address?
> I don't know whether this is actually possible to do yet. But, you
> should be able to co
> If I am
> doing things wrong, please advise how to do them right, or refer
> me to the documentation that does tell this (of course I read the
> KAME "newsletter", setkey man page and much other stuff, including
> several VPN HOWTO documents that *ALL* use the gif-tunnel hack!)
just make sure,
> I'm having quite the time trying to set up a IPsec tunnel on 4.3-RELEASE.
> Host-to-host IPsec works fine - I can make connections all day long between my
> two gateways. But for the life of me, I can't get my windows boxen on each end
> to talk to the other. I've got identical psk.txt files
> Can you tell me if I will run into any problems running NAT on my gateways?
I have never used NAT with IPSec. You should tell this mailing list your
problem, because there are probably people who have the same problem as you.
> >I can only find a way to define a global SPD using setkey. Is it possible
> >to define an (IPv4) SPD on a per interface basis using KAME / FreeBSD4?
> >If not, are there any plans to add this in the future?
> >Is there any reason one wouldn't want to have this?
> no. do you want SPD per
> 8 outbound packets with no SA available
> Both boxes are running RELENG_4_3 (security release), and have 'options
> IPSEC' and 'options IPSEC_ESP' in the kernel.
>
> Box A is 192.168.0.2/24, Box B is 192.168.0.3/24.
>
> Here's what I'm doing on box A:
>
> gabby# setkey -c << EOF
> ad
please, please tell us at least the versions you are using (freebsd, racoon)
when you ask a question.
before you ask questions on this list, check and examine your configuration:
ifconfig, netstat, tcpdump, racoon.conf, racoon.log, setkey in this case,
> After installing 2 FreeBSD machines, i
> When I start racoon on both machines, all appears fine. To make a long
> story short, Machine A never seems to generate ANY isakmp packets. Machine
> B's racoon run-time info never indicates it's gotten a phase I initiation
> from A if the session was originated from A. I've run tcpdump on bo
> Does anybody have working VPN between
> Win32 client and FreeBSD server (PPTP or IPSec)
> if yes - which software you use.
> Could someone point me to really working free or commercial software
> to solve this problem?
I am not sure about Win32. You can get information from a search engine
w
> I am using Ipsec in tunnel mode. Everything works okay. Then I decide
> to flush my SAD entries, on _one_ side of the tunnel.
> Naturally, I see a key exchange going on.
> Afterwards I see that the system on which I flushed the SAD entries does
> have new ones. However the other side of the tunn
> > freebsd's ipsec stack always uses the old SA when there are several SAs for
> > the communication, so the other side's system used the old SA even when this
> > one had a new SA.
> With that I can fix my case. Is there a special reason to
> default to the old one, because that breaks rebooting systems, d
> While investigating a problem, I noticed that the IPSEC code
> is initializing the sp -- even when no one is using IPSEC.
> It turns out that this really, really bloats the per socket
> memory requirements, with the only real result being a lot
> of extra processing that could be replaced by a
> OS: FreeBSD4.3
> Software: Racoon-20010322
> I'm attempting to connect a FBSD4.3 box to a SonicWall VPN solution. I
> think I have everything configured correctly, but I keep getting this
> error mesg and I'm unable to reach the IPs on the other end:
> 2001-11-09 13:56:51: INFO: isakmp.c:1618
> I'm attempting to figure out how to setup an IPv4 IPSEC tunnel between
> two of our other offices (running Symantec Raptor 6.50 for Windows NT)
> and my FreeBSD firewall here in my office (4.2-RELEASE)
>
> Here's a little network diagram of the situation:
>
> x.x.51.24 (my inside) <--> x.x.5
> how can I set up a tunneling firewall using ipsec or something alike?
> (need to use some ports which are prohibited).
> Do I have to have some computer behind firewall (unfirewalled) and
> some programs running on it also?
it may help you.
http://www.daemonnews.org/200101/ipsec-howto.html
> What's the difference between tunnel and transport mode configs in
> racoon ?
> I'm troubled by the fact that racoon seems to be the ONLY tool for this,
> and yet there's an extreme lack of documentation that exists for racoon
> configuration.
how about http://www.daemonnews.org/200101/ipsec-h
> What about info in regards to running a FreeBSD IPSEC server (racoon)
> with DHCP clients (road warriors)? I haven't seen anything about that...is it
> possible? If so...any links to info? Thanks in advance.
racoon can exchange SAs in such a scenario by using "generate_policy"
directive. but
> The problem is:
> when i setup an gif tunnel between FreeBSD Tunnel server and FreeBSD
> client. Client can only ping to FreeBSD TS . nothing else.
> i run following command on FreeBSD Client
> and on FreeBSD Tunnel Server:
> what is the problem?
> what should I do?
tap all of the interfaces of your
> I want to add my encryption algorithm of ESP, an
> algorithm like DES, into FreeBSD kernel so as to make
> kernel recognize it. I added its definitions in
> /usr/src/sys/net/pfkeyv2.h, added specific functions
> implementation into /usr/src/sys/netinet6/esp.core.c
> and added a new subdirector
> 1. Has anyone else seriously looked at doing this?
> 2. Has anyone compared the OpenBSD and KAME implementations and understand
> their relative strengths? (e.g. is there some reason to work with KAME other
> than it's already in the system)
i have summarized what some people argued to merge Op
> some people say that OpenBSD has advantage because:
> 2. because SA is shown as a pseudo interface,
> about 4, we don't like to create a pseudo interface for each SA,
> in particular, when we use IPsec transport mode. each userland
> process can use individual SA in KAME. this function
> but freebsd uses the old SA. After searching the mailing list, I
> found that net.key.prefered_oldsa=0 will solve that
> problem. But why prefer the old one?
the reason is backward compatibility.
you can use the new one via the system-wide default, as you know.
the early KAME implementation always used the old one accor
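The two exchanges above (the flush-one-side report and the net.key.prefered_oldsa question) describe the same failure mode: after one peer flushes its SAD and racoon re-keys, the other peer still holds the old SA pair and, with the KAME default of preferring the oldest SA, keeps sending on an SPI the flushing side no longer knows. The following is an added simulation of that selection rule, written for this page; it is not code from the posts or from the KAME/FreeBSD kernel. Peer names, addresses, SPI values and the "created" timestamps are constructed for the demo, and the `prefered_oldsa` field mirrors the sysctl as spelled in the thread.

```python
"""Simulate SA selection with several matching SAs in the SAD.

Added example for the mailing-list thread above; not KAME or FreeBSD code.
With prefered_oldsa=1 (the KAME default, kept for backward compatibility)
the oldest mature SA for a flow is chosen; with 0 the newest one is chosen.
"""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class SA:
    spi: int
    src: str
    dst: str
    created: int           # constructed monotonic install time, not wall clock
    state: str = "mature"  # only mature SAs are eligible for outbound use


@dataclass
class Peer:
    name: str
    addr: str
    sad: List[SA] = field(default_factory=list)
    prefered_oldsa: int = 1  # models sysctl net.key.prefered_oldsa

    def install(self, sa: SA) -> None:
        self.sad.append(sa)

    def flush(self) -> None:
        """Equivalent of running `setkey -F` on this side only."""
        self.sad.clear()

    def select_outbound(self, dst: str) -> Optional[SA]:
        """Pick the SA used to encapsulate traffic from self.addr to dst."""
        cands = [s for s in self.sad
                 if s.src == self.addr and s.dst == dst and s.state == "mature"]
        if not cands:
            return None
        if self.prefered_oldsa:
            return min(cands, key=lambda s: s.created)   # KAME default: oldest
        return max(cands, key=lambda s: s.created)       # prefered_oldsa=0: newest

    def accepts_inbound(self, spi: int, dst: str) -> bool:
        """Inbound lookup is by (SPI, destination); no entry means the packet is dropped."""
        return any(s.spi == spi and s.dst == dst for s in self.sad)


def rekey(a: Peer, b: Peer, spi_ab: int, spi_ba: int, now: int) -> None:
    """Install a fresh SA pair on both peers, as a completed phase 2 would."""
    for p in (a, b):
        p.install(SA(spi_ab, a.addr, b.addr, now))
        p.install(SA(spi_ba, b.addr, a.addr, now))


def simulate(prefered_oldsa: int) -> dict:
    """Flush the SAD on A only, re-key, then see which SPI B sends on."""
    a = Peer("A", "10.0.0.1", prefered_oldsa=prefered_oldsa)   # constructed addresses
    b = Peer("B", "10.0.0.2", prefered_oldsa=prefered_oldsa)
    rekey(a, b, 0x1001, 0x1002, now=1)   # initial tunnel, both sides hold the pair
    a.flush()                            # operator flushes the SAD on A only
    rekey(a, b, 0x2001, 0x2002, now=2)   # racoon negotiates again; B now holds both pairs
    b_out = b.select_outbound(a.addr)
    a_out = a.select_outbound(b.addr)
    return {
        "b_to_a_spi": b_out.spi,
        "b_to_a_delivered": a.accepts_inbound(b_out.spi, a.addr),
        "a_to_b_spi": a_out.spi,
        "a_to_b_delivered": b.accepts_inbound(a_out.spi, b.addr),
        "b_sad_size": len(b.sad),
    }


if __name__ == "__main__":
    for pref in (1, 0):
        print(f"net.key.prefered_oldsa={pref}: {simulate(pref)}")
```

With the default, B picks SPI 0x1002 and every B-to-A packet is dropped by A, while A-to-B still works because A only has the new SA; with the sysctl set to 0, B picks 0x2002 and traffic flows both ways. The fix on a real system is the sysctl (or deleting the stale SAs on the peer that was not flushed), not anything in this simulation.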
> Is it not possible to have the internal ip addresses of the tunnel
> machines talk with other internal addresses on the other side of the tunnel?
> Example Set Up:
> Packets from say 192.168.0.2 to 192.168.1.1 and back
> (192.168.0.0/24 Lan)-(192.168.0.1 Internal)->(200.0.0.1
> Interface)===IP