VPN(touch-ID)/gif0/Dynamic Routing Issue
Amin Abdul
amin_abdul at hotmail.com
Tue Nov 25 14:09:11 PST 2003
Hello,
I have a few questions regarding dynamic routing (i.e. routed) and the gif0
interface.
I went through the following documents:
http://www.freebsd.org/handbook/ipsec.html
http://asherah.dyndns.org/~josh/ipsec-howto.txt
and followed these steps:
1. Configure the gif0 interface using the
www.freebsd.org/handbook/ipsec.html diagram as reference; it works fine
(tested by ping).
2. Configure IPSec in Transport mode (since I am interested in forwarding
dynamic routing information over a point-2-point VPN) using the
draft-touch-ipsec-vpn approach, i.e. IPSec policy:
spdadd A.B.C.D W.X.Y.Z any -P out ipsec esp/transport//use;
spdadd W.X.Y.Z A.B.C.D any -P in ipsec esp/transport//use;
It works fine (ping test).
3. Now I start "routed" with the "-s" option; I never saw any routing
information flow through the VPN (tcpdump).
4. So, I disabled IPSec and tried again, but I still saw no routing
information over the VPN (tcpdump).
5. So, I disabled the gif0 interface as well, and I saw the RIP packets
exchanged between the two FreeBSD machines.
Summary:
1. routed works fine without gif0 interface.
2. VPN works fine without routed.
Question:
Now my questions are
1. Is there any incompatibility (or known bug) between routed and the gif0
interface? (I am using FreeBSD 4.8 Release.)
2. Is there any FreeBSD document which describes how to configure gif0 and
routed together?
Thanks,
Amin
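
Added example (not part of the original post, and not FreeBSD project code): a small lint for setkey SPD lines like the two quoted in step 2. With level "use" the kernel sends traffic in the clear when no SA is available, so a successful ping does not show that ESP is applied. The function names and finding labels are hypothetical; the sample is constructed from the post's placeholder addresses.

```python
import re

# Constructed sample: the two policies from the post, placeholder addresses kept.
SAMPLE = """\
spdadd A.B.C.D W.X.Y.Z any -P out ipsec esp/transport//use;
spdadd W.X.Y.Z A.B.C.D any -P in ipsec esp/transport//use;
"""

SPD_RE = re.compile(
    r"^\s*spdadd\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<proto>\S+)\s+"
    r"-P\s+(?P<dir>in|out)\s+ipsec\s+(?P<rules>[^;]+);")

def parse_policies(text):
    """Return one dict per 'spdadd ... -P in|out ipsec ...;' line."""
    policies = []
    for line in text.splitlines():
        m = SPD_RE.match(line.split("#", 1)[0])  # '#' starts a setkey comment
        if not m:
            continue
        p = m.groupdict()
        # Each rule is protocol/mode/src-dst/level; trailing fields may be omitted.
        p["levels"] = [(r.split("/") + ["", "", ""])[3].split(":")[0]
                       for r in p.pop("rules").split()]
        policies.append(p)
    return policies

def lint(text):
    """Flag rules that do not demand an SA and policies with no mirror."""
    policies = parse_policies(text)
    seen = {(p["src"], p["dst"], p["proto"], p["dir"]) for p in policies}
    findings = []
    for p in policies:
        for level in p["levels"]:
            # 'use' falls back to cleartext; empty/'default' defers to a
            # system-wide setting, so the policy alone does not enforce ESP.
            if level not in ("require", "unique"):
                findings.append(("level-not-required", p["dir"], p["src"], p["dst"]))
        other = "in" if p["dir"] == "out" else "out"
        if (p["dst"], p["src"], p["proto"], other) not in seen:
            findings.append(("no-mirror", p["dir"], p["src"], p["dst"]))
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```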
More information about the freebsd-questions mailing list