FreeBSD (Racoon) / Draytek Setup
Steve Greenshaw
steve at softgreen.co.uk
Thu Feb 26 03:13:25 PST 2004
Thanks. Works fine now when connecting from the Draytek ... getting a
'segmentation fault (cored dump)' from racoon when trying to initiate the
connection from the FreeBSD box, but some more fine tuning may be required.
Thanks again.
Steve.
----- Original Message -----
From: "Helge Oldach" <helge.oldach at atosorigin.com>
To: "Steve Greenshaw" <steve at softgreen.co.uk>
Cc: <freebsd-net at freebsd.org>
Sent: Thursday, February 26, 2004 7:40 AM
Subject: Re: FreeBSD (Racoon) / Draytek Setup
> Steve Greenshaw:
> >################
> >spdadd 192.168.32.0/24 192.168.1.0/24 ipencap -P out ipsec
> >esp/tunnel/AAA.AAA.AAA.AAA-BBB.BBB.BBB.BBB/require;
> >spdadd 192.168.1.0/24 192.168.32.0/24 ipencap -P in ipsec
> >esp/tunnel/BBB.BBB.BBB.BBB-AAA.AAA.AAA.AAA/require;
> >################
>
> Try using "any" instead of "ipencap". (AFAIK gif(4) implements "ipip"
> encapsulation ((protocol 94)) and not "ipip" ((protocol 4)). But this
> is just meaningless here as the gif interface just acts as a routing
> placeholder and doesn't actually transport traffic.)
>
> The other thing you might want to try is using "unique" instead of
> "require". This is necessary for ESP tunnel mode against Cisco boxes,
> and probably will catch your case as well.
>
> Maybe someone can explain the difference between these two? The manpage
> isn't really verbose...
>
> Regards,
> Helge