Strange problem with IPSEC, not entirely transparent.

Baldur Gislason baldur at foo.is
Tue Nov 22 21:53:14 GMT 2005


I recently set up IPSEC communications between two hosts I have in different places.
One is FreeBSD 5.4-STABLE, August 22, 2005. The other is 4.11-STABLE, April 18th, 2005.
I run a gif tunnel between them, and routes for networks found on both sides are negotiated
by quagga using OSPF.
The Internet IPs of the hosts are not listed as networks in ospfd.conf because that would
break the tunnel.

Now, here's the problem. When I have spmd and iked running on both ends, and everything between
the hosts goes by IPSEC, comms over the tunnel work fine but I cannot connect to any TCP ports
on the 5.4 machine from the 4.10 machine.
I can connect from the 5.4 machine to the 4.10 machine though.
Both machines can ping each other, no problems there. And all comms that go through the gif0 tunnel
work.

I tried flushing ipfw on both ends, no luck.
Any ideas?

Baldur


