Can't configure a simple IPSec (manual SA/SP)

Olivier Cochard-Labbé olivier at cochard.me
Fri Oct 25 16:13:54 UTC 2013


On Fri, Oct 25, 2013 at 3:35 PM, VANHULLEBUS Yvan <vanhu at freebsd.org> wrote:

> Do you use some bridging configuration ? Do you have some kind of
> filtering/NAT rules ? Some complex routing tables ?

No bridging, no firewall, no complex routing: the IPSec gate has
only one default gateway.

>
>
> Can you send the output (on your IPsec gate) of:
> sysctl -a net.inet.ip.fastforwarding

[root at R2]~# sysctl -a net.inet.ip.fastforwarding
net.inet.ip.fastforwarding: 1

I didn't understand why you asked me for the status of fastforwarding.
Then I disabled it and retried my IPsec configuration… Problem
solved!
I found the notice about fastforwarding not being compatible
with IPSec in the inet(4) man page: I was not aware of this
compatibility issue.
I've proposed a small improvement to the rc.d/ipsec script to
check the fastforwarding state: PR/183303.

Thanks a lot, Yvan!!
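
An added example (not the PR/183303 patch and not code from this thread): a shell check for the conflict reported above, IPsec enabled in rc.conf while net.inet.ip.fastforwarding is 1. It goes beyond the thread by also checking a value persisted in sysctl.conf; the function names, status words and sample files are assumptions constructed here.

```shell
#!/bin/sh
# Added example, not the PR/183303 patch: detect the IPsec/fastforwarding
# conflict from this thread, both at runtime and in the persisted config.

# conf_value FILE KEY: last value assigned to KEY in a key=value file
# (rc.conf or sysctl.conf style); quotes stripped, comment lines skipped.
conf_value() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" 2>/dev/null | tail -n 1
}

# check_ipsec_fastforward RCCONF SYSCTLCONF [SYSCTL_LINE]
# SYSCTL_LINE is captured "sysctl net.inet.ip.fastforwarding" output; when
# omitted the live value is read. Prints one status word and returns:
#   0 ok | 1 conflict-runtime | 2 conflict-persistent
check_ipsec_fastforward() {
    line=${3:-$(sysctl net.inet.ip.fastforwarding 2>/dev/null)}
    running=${line##*: }
    saved=$(conf_value "$2" 'net\.inet\.ip\.fastforwarding')
    case $(conf_value "$1" ipsec_enable) in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) ;;
        *) echo ok; return 0 ;;    # IPsec not enabled: nothing to check
    esac
    if [ "$running" = 1 ]; then
        echo conflict-runtime; return 1
    elif [ "$saved" = 1 ]; then
        # Disabled now, but sysctl.conf turns it back on at the next boot.
        echo conflict-persistent; return 2
    fi
    echo ok
}

# Constructed sample files (hypothetical, not from the thread), checked
# against the sysctl line R2 printed and against the value after the fix.
demo() {
    d=$(mktemp -d) || return
    printf 'ipsec_enable="YES"\nipsec_file="/etc/ipsec.conf"\n' > "$d/rc.conf"
    printf '# tuning\nnet.inet.ip.fastforwarding=1\n' > "$d/sysctl.conf"
    # -> conflict-runtime
    check_ipsec_fastforward "$d/rc.conf" "$d/sysctl.conf" 'net.inet.ip.fastforwarding: 1' || :
    # -> conflict-persistent
    check_ipsec_fastforward "$d/rc.conf" "$d/sysctl.conf" 'net.inet.ip.fastforwarding: 0' || :
    rm -rf "$d"
}
demo
```

On a gateway, calling `check_ipsec_fastforward /etc/rc.conf /etc/sysctl.conf` without the third argument reads the live sysctl value instead of a captured line.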

