IPSEC/racoon tunnel 9.2 vs 10.0
matt at soliddataservices.com
Mon Apr 7 21:38:08 UTC 2014
I have used IPSEC tunnels w/ racoon to establish point to point VPN
connections for a long time, with great success. I recently decided to
upgrade one of my endpoints to 10.0-RELEASE from 9.2-RELEASE-p3. I
didn't do an upgrade but did a fresh installation of 10.0-RELEASE, but
applied the identical VPN configuration that was working in
9.2-RELEASE-p3. The tunnels came up fine, and setkey -D shows that keys
had been generated, connectivity appeared to be working at first glance.
I then started to work as normal through my VPN with things like RDP,
SQL Server, and other protocols, where I found that connectivity started
then came to a dead halt (not ICMP, which always works fine). I did
another fresh install of 9.2-RELEASE-p3, applied the config, and
everything worked as expected.
I've read a lot about MTU's and fragmented traffic, but I'm trying to
figure out where I should be looking to fix things up. Something
obviously changed. I do use PF, and I know PF underwent some big
changes, so maybe it's a PF problem, but I thought I'd post here first.
I'm using the same PF config on the 10.0 system as I did on the 9.2, of
course making sure interfaces were all named properly and whatnot.
Any advice would be appreciated. Thanks!
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the freebsd-questions