Racoon/IPSEC Tunnel in 9.2 vs 10.0
Matt Lager
matt at soliddataservices.com
Wed Apr 9 20:14:22 UTC 2014
I have used IPSEC tunnels w/ racoon to establish point to point VPN
connections for a long time, with great success. I recently decided to
upgrade one of my endpoints to 10.0-RELEASE from 9.2-RELEASE-p3. I
didn't do an upgrade but did a fresh installation of 10.0-RELEASE, but
applied the identical VPN configuration that was working in
9.2-RELEASE-p3. The tunnels came up fine, setkey -D shows that keys
had been generated, and connectivity appeared to be working at first glance.
I then started to work as normal through my VPN with things like RDP,
SQL Server, and other protocols, where I found that connectivity started,
then came to a dead halt (not ICMP, which always works fine). I did
another fresh install of 9.2-RELEASE-p3, applied the config, and
everything worked as expected.
I've read a lot about MTUs and fragmented traffic, but I'm trying to
figure out where I should be looking to fix things up. Something
obviously changed. I do use PF, and I know PF underwent some big
changes, so maybe it's a PF problem, but I thought I'd post here first.
I'm using the same PF config on the 10.0 system as I did on the 9.2, of
course making sure interfaces were all named properly and whatnot.
Any advice would be appreciated. Thanks!
Matt