Problems using ipsec transport mode with a gateway
Regis.HANNA at fr.thalesgroup.com
Tue Dec 16 07:01:19 PST 2003
Hello,
My network configuration is two subnets separated by a gateway:

|--------| 1.1.1.0/24 |-----------------| 2.1.1.0/24 |--------------|
| Host 1 |------------| FreeBSD gateway |------------| FreeBSD host |
|--------|            |-----------------|            |--------------|
 1.1.1.4              1.1.1.1     2.1.1.1             2.1.1.4
       non ciphered data                ciphered data

I want to protect data between Host 1 and the FreeBSD host, only in the
2.1.1.0/24 subnet, by using ipsec in TRANSPORT mode. I chose transport mode
because of its low overhead and higher performance.

I observe that data from Host 1 to the FreeBSD host is OK, but data from the
FreeBSD host to Host 1 is STOPPED in the FreeBSD gateway. When I use ipsec in
tunnel mode it is always OK.
The FreeBSD gateway setkey configuration is:

add 2.1.1.1 2.1.1.4 esp 1000 -m transport -E rijndael-cbc "PASSWORDPASSWORD";
add 2.1.1.4 2.1.1.1 esp 1001 -m transport -E rijndael-cbc "PASSWORDPASSWORD";
spdadd 1.1.1.4 2.1.1.4 any -P out ipsec esp/transport/2.1.1.1-2.1.1.4/require;
spdadd 2.1.1.4 1.1.1.4 any -P in ipsec esp/transport/2.1.1.4-2.1.1.1/require;

The FreeBSD host setkey configuration is:

add 2.1.1.1 2.1.1.4 esp 1000 -m transport -E rijndael-cbc "PASSWORDPASSWORD";
add 2.1.1.4 2.1.1.1 esp 1001 -m transport -E rijndael-cbc "PASSWORDPASSWORD";
spdadd 1.1.1.4 2.1.1.4 any -P in ipsec esp/transport/2.1.1.1-2.1.1.4/require;
spdadd 2.1.1.4 1.1.1.4 any -P out ipsec esp/transport/2.1.1.4-2.1.1.1/require;

I use FreeBSD 5.1.
Thank you in advance,
Regis Hanna.
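A consistency check for the policies quoted in the post, added here as an example rather than code from the post or from FreeBSD: it parses setkey(8) spdadd lines and flags every transport-mode policy whose selector addresses are not the SA endpoints. Transport-mode ESP keeps the original IP header, so the protected packet's own source and destination must be the SA endpoints; the TUNNEL_SPD rewrite is a constructed comparison, not a configuration from the post.

```python
import re

# setkey(8) SPD entries copied from the gateway and host configuration in the post
# (the "add" SA lines are not needed for this check and are left out).
POSTED_SPD = """
spdadd 1.1.1.4 2.1.1.4 any -P out ipsec
esp/transport/2.1.1.1-2.1.1.4/require;
spdadd 2.1.1.4 1.1.1.4 any -P in ipsec
esp/transport/2.1.1.4-2.1.1.1/require;
spdadd 1.1.1.4 2.1.1.4 any -P in ipsec
esp/transport/2.1.1.1-2.1.1.4/require;
spdadd 2.1.1.4 1.1.1.4 any -P out ipsec
esp/transport/2.1.1.4-2.1.1.1/require;
"""

# Constructed tunnel-mode rewrite of the gateway's two policies, for comparison only.
TUNNEL_SPD = """
spdadd 1.1.1.4 2.1.1.4 any -P out ipsec esp/tunnel/2.1.1.1-2.1.1.4/require;
spdadd 2.1.1.4 1.1.1.4 any -P in ipsec esp/tunnel/2.1.1.4-2.1.1.1/require;
"""

# selector src, selector dst, direction, mode, optional SA endpoints (may be omitted,
# e.g. "esp/transport//require", in which case the packet's own addresses are used).
SPD_RE = re.compile(
    r"spdadd\s+(\S+)\s+(\S+)\s+\S+\s+-P\s+(in|out)\s+ipsec\s+"
    r"(?:esp|ah)/(transport|tunnel)/(?:([\d.]+)-([\d.]+))?/\w+\s*;")

def host_part(addr):
    """Drop an optional /prefixlen or [port] suffix from a selector address."""
    return addr.split("/")[0].split("[")[0]

def check_spd(text):
    """Return (policy, reason) for each transport-mode policy whose selector
    addresses differ from the SA endpoints. Such a policy can never match a
    transport-mode ESP packet, because in transport mode the IP header carries
    the SA endpoints themselves; tunnel-mode policies are not checked."""
    problems = []
    for m in SPD_RE.finditer(text):
        sel_src, sel_dst, _direction, mode, sa_src, sa_dst = m.groups()
        if mode != "transport" or sa_src is None:
            continue
        sel = (host_part(sel_src), host_part(sel_dst))
        if sel != (sa_src, sa_dst):
            problems.append((" ".join(m.group(0).split()),
                             f"selector {sel[0]}->{sel[1]} but SA endpoints {sa_src}-{sa_dst}"))
    return problems

if __name__ == "__main__":
    for policy, reason in check_spd(POSTED_SPD):
        print(policy, "\n   ->", reason)
```

All four posted policies are flagged, while the tunnel-mode rewrite passes, which matches the observation that tunnel mode works between the same endpoints.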