IPsec issue

Kris Maglione bsdaemon at comcast.net
Mon Jan 24 13:54:30 PST 2005

I secure my wireless network with IPsec. The rules are generated with a 
perl script (included below) with a rule for each ip in the range (.2 is my AP). The key exchange is handled by 
racoon and works without issue. I have "allow ip from any to any" as my 
first ipfw rule when on this network. My firewall allows DHCP and ISAKMP 
traffic unencrypted and allows only esp traffic otherwise.

My problem is that certain websites tend not to work. I can look them up 
and  make a connection, but I get no incoming packets, although on 
occasion they do work. Google is one such site. Also, it seems that 
images don't always load for any site. Neither firewall is blocking the 
traffic. When I make an OpenVPN link over the connection (it's easier 
than disabling IPsec, since it's already setup for when I'm away from 
home), the same websites work fine.

Any ideas? It just struck me that maybe parallel connections to the same 
address are at root of the issue, but I have no real evidence.

What more information would be useful?


Perl script that generates /etc/ipsec.conf:

use strict;

my $fw = "";

print "flush;","\n",

foreach (3..254) {
    my $ip = "192.168.1.$_";

    print "\n";
       "spdadd $ip/32 any -P out ipsec 
       "spdadd $ip/32 any -P in  ipsec 

More information about the freebsd-questions mailing list