Fun with IPSEC and racoon - 5.2.1

Timothy Ham tham at atta.nth-order.com
Fri Apr 9 14:07:22 PDT 2004


>
>Hi
>
>I've been having some fun with IPSEC, owing to the need to put in a VPN
>between two offices.  At the far end, they've got a PIX, and I was pretty
>sure I could do this end with one of our FreeBSD boxen.  As an experiment,
>I set up IPSEC (with keying provided by Racoon) between my (linux) desktop
>and that FreeBSD machine.  That worked Just Fine.

Sounds like you're bitten by the broken IPSEC in 5.2 which still hasn't
been fixed in 5.2.1.  For some reason the ISAKMP traffic that should go
around the ipsec policy isn't, and only on outgoing packets. Some info
here:
http://docs.freebsd.org/cgi/mid.cgi?20040203070435.GB46486


