FreeBSD7 + pf + ipsec

Roman Otsaljuk romzes at upstar.com.ua
Wed Apr 16 09:23:28 UTC 2008


Hi all.
I have two local networks linked over IPsec:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html

network schema:

192.168.0.0/24 <---> [192.168.0.12=freebsd=2.2.2.2] <--inet--> [1.1.1.1=freebsd1=10.31.0.5] <----> 10.31.0.5/26

Both endpoints were on 6.2, with pf as the firewall.
After updating to 7.0 the VPN doesn't work:
 0) pings go through normally
 0) TCP packets go through too, but the third packet has the R flag:
	from 192.168.0.12 try: ssh 10.31.0.42, on a second console:
mail# tcpdump -ni gif0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on gif0, link-type NULL (BSD loopback), capture size 68 bytes
10:49:43.912469 IP 192.168.0.12.63996 > 10.31.0.42.22: S 1756351354:1756351354(0) win 65535 <mss 1240,nop,wscale 3,sackOK,timestamp 51087105 0>
10:49:43.936245 IP 217.20.174.35 > 195.43.43.238: IP 10.31.0.42.22 > 192.168.0.12.63996: S 4244314344:4244314344(0) ack 1756351355 win 65535 <mss 1460,[|tcp]> (ipip-proto-4)
10:49:43.936360 IP 192.168.0.12.63996 > 10.31.0.42.22: R 1318200353:1318200353(0) win 0

 0) adding "pass quick all" as the first rule on both: no change;
 0) disabling pf: in the local net in which pf is disabled, all is good.


any ideas?


P.S. The same happens if IPsec is replaced by vpnd.
--------
Sorry for my bad English.


