vpn trouble

2010-06-22 Thread ralf
Hi, I try to configure VPN over my server and my client. Scheme is like this: 78.x.x.x <--> 95.x.x.x <--> 10.10.1.90. When I try to ping 10.10.1.90, all packets are lost. What can I change to run it? Thanks. This is my setting: # setkey -DP 10.10.1.90[any] 78.x.x.x[any] any in ipsec

Re: vpn trouble

2010-06-22 Thread ralf
rtant Regards Ralf On Tue, 22 Jun 2010 16:35:43 +0200, VANHULLEBUS Yvan wrote: > On Tue, Jun 22, 2010 at 03:59:50PM +0200, r...@dzie-ciuch.pl wrote: >> >> Hi, > > Hi. > > >> I try to configure VPN over my server and my client > [] > > According t

Re: vpn trouble

2010-06-22 Thread ralf
Maybe I don't set route correctly? Does this mean that I don't receive password from other side? ERROR: phase1 negotiation failed due to time up. 5d300bcf894a18f5:0000 Best regards Ralf On Tue, 22 Jun 2010 17:35:42 +0200, VANHULLEBUS Yvan wrote: > On Tue, Jun 22, 2010 at

Re: vpn trouble

2010-06-22 Thread ralf
: phase 1 I >> ident >> 15:57:39.067765 IP 78.x.x.x.isakmp > 95.x.x.x.isakmp: isakmp: phase 1 I >> ident > > My first thought was that your IPSEC policy attempts to encrypt all > traffic between you and your peers, but the

Re: vpn trouble

2010-06-22 Thread ralf
on gif device) <-> 78.x <-> 95.x <-> 10.10.1.90 (other side) And additionally I think I should correct set spd policy to:
spdadd 10.20.0.1 10.10.1.90 any -P out ipsec esp/tunnel/78.x.x.x-95.x.x.x/require;
spdadd 10.10.1.90 10.20.0.1 any -P in ipsec esp/tunnel/95.x.x.x-78.x.x.x/require;
Am I wrong? Regards Ralf ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Re: vpn trouble

2010-06-22 Thread ralf
Thanks guys, I will try it tomorrow and I will send you if it works or not. Regards Ralf On Tue, 22 Jun 2010 20:26:36 +0200, Maciej Suszko wrote: > wrote: >> >> Hi, >> >> I try to set VPN like I wrote earlier. >> 78.x is server and this is not NAT. He don't for

Re: vpn trouble

2010-06-22 Thread ralf
> > I managed to do an IP in IP tunnel with IPsec encryption between a > FreeBSD and a cisco router running 12.1(mumble) several years ago. > > It is a desirable option if you want to use routing (e.g. ospf). You > can't route an IPSec tunnel (actually, is this now possible with enc0 > inter

Re: vpn trouble

2010-06-23 Thread ralf
Hi, I set everything like you wrote and I can send and receive packets, but still I can't ping host 10.10.1.90, and when I type #setkey -D there is no SAD entry. What could it be? This is part of racoon log: Jun 23 09:43:57 czesio racoon: DEBUG: === Jun 23 09:43:57 czesio racoon: DEBUG: comp

Re: vpn trouble

2010-06-23 Thread ralf
Ok, I found that my psk.txt has got wrong permissions. Now I can get SAD keys! ISAKMP-SA established 78.x.x.x[500]-95.x.x.x[500] spi:8a8881ee5182cbfb:53dab6ad5a65629d But one thing - why can't I ping 10.10.1.90? Regards Ralf On Wed, 23 Jun 2010 10:05:55 +0200, VANHULLEBUS Yvan wrote:

Re: vpn trouble

2010-06-23 Thread ralf
10:25:30: DEBUG: pfkey GETSPI sent: ESP/Tunnel 95.x.x.x[0]->78.x.x.x[0] 2010-06-23 10:25:30: DEBUG: pfkey GETSPI succeeded: ESP/Tunnel 95.x.x.x[0]->78.x.x.x[0] spi=126966409(0x7915a89) Is it good? Ralf

Re: vpn trouble

2010-06-23 Thread ralf
do it? netstat -rn prints something like this:
Destination Gateway Flags Refs Use Netif Expire
default 78.x.x.x UGS 3 49544466 bce1
10.10.1.90 10.20.0.1 UH 223813439 gif0
Is it ok? or I do something wrong? Ral

Re: vpn trouble

2010-06-23 Thread ralf
Hmmm, Maybe I do some error using gateway 10.20.0.1? Maybe I have to set something in route to network 10.10.1.x go through gif0 interface? Ralf On Wed, 23 Jun 2010 10:58:31 +0200, VANHULLEBUS Yvan wrote: > On Wed, Jun 23, 2010 at 10:52:19AM +0200, r...@dzie-ciuch.pl wrote: > [] &

Re: vpn trouble

2010-06-23 Thread ralf
p's) so now I got 4 lines and I copy block remote and sainfo in racoon.conf. I restart racoon and now I could only connect to 95.x.x.x (like last time) but to 78.y.y.y I couldn't. Is it possible to do not create interface gif1 or should I do it? Have I change something in route table? Rega

Re: vpn trouble

2010-06-23 Thread ralf
But it's working!! Ralf On Wed, 23 Jun 2010 13:34:52 +0200, Maciej Suszko wrote: > wrote: >> >> Hmmm, >> >> Maybe I do some error using gateway 10.20.0.1? >> Maybe I have to set something in route to network 10.10.1.x go >> through gif0 interface? >

Re: kern/173475: [tun] tun(4) stays opened by PID after process is terminated

2013-02-12 Thread Ralf Wenk
The following reply was made to PR kern/173475; it has been noted by GNATS. From: Ralf Wenk To: Emanuel Haupt Cc: bug-follo...@freebsd.org Subject: Re: kern/173475: [tun] tun(4) stays opened by PID after process is terminated Date: Tue, 12 Feb 2013 12:27:12 +0100 > Could you please try