Single IP host and IPsec tunnel mode experience
Jacques A. Vidrine
nectar at FreeBSD.org
Sun Apr 20 09:55:45 PDT 2003
On Wed, Apr 16, 2003 at 07:36:21AM -0500, Jacques A. Vidrine wrote:
> On Tue, Apr 15, 2003 at 10:23:35PM -0700, Crist J. Clark wrote:
> > 'uname -a'?
>
> The endpoints were both 4.7.
>
> > I can't reproduce this on a 4.8 to 4.7 tunnel. On
> > 192.168.64.70,
> >
> > spdadd 192.168.64.70/32 10.0.0.0/24 any -P out
> > ipsec esp/tunnel/192.168.64.70-192.168.64.20/require;
> > spdadd 10.0.0.0/24 192.168.64.70/32 any -P in
> > ipsec esp/tunnel/192.168.64.20-192.168.64.70/require;
> >
> > And on 192.168.64.20, the gateway to 10.0.0.0/24,
> >
> > spdadd 192.168.64.70/32 10.0.0.0/24 any -P in
> > ipsec esp/tunnel/192.168.64.70-192.168.64.20/require;
> > spdadd 10.0.0.0/24 192.168.64.70/32 any -P out
> > ipsec esp/tunnel/192.168.64.20-192.168.64.70/require;
> >
> > Works fine.
>
> Hmm, yes, that appears to be exactly what I'm trying to do. Well,
> that's heartening ... it means that there is likely some anomaly in my
> environment that is hosing me. Now if only I can figure what it is :-)
Oddly enough ... ESP works, AH does not.
Cheers,
--
Jacques A. Vidrine <nectar at celabo.org> http://www.celabo.org/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine at verio.net . nectar at FreeBSD.org . nectar at kth.se
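The two setkey(8) configurations quoted above are mirror images of each other: the host's "out" policy is the gateway's "in" policy with the same selector and the same tunnel endpoints, and vice versa. The following is an added example, not code from the thread, that builds those spdadd lines for a single-IP host and a gateway and checks that both ends agree; the addresses are the ones from Crist's configuration, and the Policy class and function names are the example's own.

```python
# Added example: generate the setkey(8) SPD entries for a host/32 <-> subnet
# ESP (or AH) tunnel and verify that the two endpoints' SPDs mirror each other.
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    src: str            # selector source (host /32 or the remote subnet)
    dst: str            # selector destination
    direction: str      # "in" or "out", as seen from the node holding the SPD
    tun_src: str        # outer (tunnel) source address
    tun_dst: str        # outer (tunnel) destination address
    proto: str = "esp"  # "esp" or "ah"

    def to_setkey(self) -> str:
        return (f"spdadd {self.src} {self.dst} any -P {self.direction} "
                f"ipsec {self.proto}/tunnel/{self.tun_src}-{self.tun_dst}/require;")


def tunnel_policies(host, gateway, subnet, proto="esp"):
    """Return (host_side, gateway_side) policies for host/32 <-> subnet via gateway."""
    h32 = f"{host}/32"
    host_side = [
        Policy(h32, subnet, "out", host, gateway, proto),
        Policy(subnet, h32, "in", gateway, host, proto),
    ]
    gateway_side = [
        Policy(h32, subnet, "in", host, gateway, proto),
        Policy(subnet, h32, "out", gateway, host, proto),
    ]
    return host_side, gateway_side


def mirrored(side_a, side_b):
    """True if every policy on one end has a counterpart on the other with the
    same selector, tunnel endpoints and protocol but the opposite direction."""
    flip = {"in": "out", "out": "in"}
    expected = {Policy(p.src, p.dst, flip[p.direction], p.tun_src, p.tun_dst, p.proto)
                for p in side_a}
    return expected == set(side_b)


if __name__ == "__main__":
    host, gw = tunnel_policies("192.168.64.70", "192.168.64.20", "10.0.0.0/24")
    for name, side in (("host", host), ("gateway", gw)):
        print(f"# {name} side")
        for p in side:
            print(p.to_setkey())
    # A typical slip: tunnel endpoints reversed on one gateway policy.
    bad = [Policy("192.168.64.70/32", "10.0.0.0/24", "in",
                  "192.168.64.20", "192.168.64.70"), gw[1]]
    print("consistent:", mirrored(host, gw), "| reversed endpoints:", mirrored(host, bad))
```

Running it prints the four spdadd lines from the thread and shows that the check flags a gateway policy whose tunnel endpoints are reversed.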