Re: Can't set up an IPsec tunnel.
From: Eric Anderson (anderson@centtech.com)
Date: 01/24/02
- Next message: dr3node: "Re: Can't set up an IPsec tunnel."
- Previous message: Miguel Mendez: "Re: whois records hacked?"
- In reply to: dr3node: "Re: Can't set up an IPsec tunnel."
- Next in thread: dr3node: "Re: Can't set up an IPsec tunnel."
- Reply: dr3node: "Re: Can't set up an IPsec tunnel."
- Reply: Lawrence Sica: "Re: Can't set up an IPsec tunnel."
- Reply: Nate Williams: "Re: Can't set up an IPsec tunnel."
Date: Thu, 24 Jan 2002 12:55:08 -0600
From: Eric Anderson <anderson@centtech.com>
To: dr3node <rtfm@webburo.ru>
IPSEC won't work through masquerading boxes or NAT firewalls.
Eric
dr3node wrote:
>
> i've read everything i could find.
> that is the latest try:
> Remote host:
>
> ifconfig gif0 create tunnel 222.222.22.2 111.111.11.1
> ifconfig gif0 inet 222.222.22.2 192.168.0.1 netmask 0xffffff00
> setkey -FP
> setkey -F
> ipsec.conf:
> //
> spdadd 0.0.0.0/0 192.168.0.0/24 any -P out ipsec
> esp/tunnel/222.222.22.2-111.111.11.1/require;
> spdadd 192.168.0.0/24 0.0.0.0/0 any -P in ipsec
> esp/tunnel/111.111.11.1-222.222.22.2/require;
> //
> + racoon with the keys in /usr/local/etc/racoon/psk.txt
> setkey -f /etc/ipsec.conf
>
> Local gateway:
>
> ifconfig fxp0 111.111.11.1 netmask 0xffffffff alias
> ifconfig gif0 create tunnel 111.111.11.1 222.222.22.2
> ifconfig gif0 inet 192.168.0.1 222.222.22.2 netmask 0xffffff00
> setkey -FP
> setkey -F
>
> ipsec.conf:
> //
> spdadd 192.168.0.0/24 0.0.0.0/0 any -P out ipsec
> esp/tunnel/111.111.11.1-222.222.22.2/require;
> spdadd 0.0.0.0/0 192.168.0.0/24 any -P in ipsec
> esp/tunnel/222.222.22.2-111.111.11.1/require;
> //
>
> + racoon with the keys in /usr/local/etc/racoon/psk.txt
> setkey -f /etc/ipsec.conf
> and the connection on the gate drops down.
> the error is: /kernel: gif_output: recursively called too many times(2)
>
> i'm wondering what if any troubles because of that RedHat gate with the
> masquerade or because of my stupidity.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
--
Eric Anderson     anderson@centtech.com     Centaur Technology
If at first you don't succeed, sky diving is probably not for you.
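An added check, not part of the original message or of FreeBSD's tools, for one known cause of the `gif_output: recursively called too many times` error quoted above: a gif interface whose inner point-to-point destination equals the tunnel's outer destination, so the encapsulated packet is routed back into the same interface. The function names are hypothetical and the input strings are constructed from the commands in the quoted post.

```python
import re

# Constructed input: the gif commands quoted in the post above.
LOCAL_GATEWAY = """\
ifconfig gif0 create tunnel 111.111.11.1 222.222.22.2
ifconfig gif0 inet 192.168.0.1 222.222.22.2 netmask 0xffffff00
"""
REMOTE_HOST = """\
ifconfig gif0 create tunnel 222.222.22.2 111.111.11.1
ifconfig gif0 inet 222.222.22.2 192.168.0.1 netmask 0xffffff00
"""

TUNNEL_RE = re.compile(r"^ifconfig\s+(\S+)\s+(?:create\s+)?tunnel\s+(\S+)\s+(\S+)")
INET_RE = re.compile(r"^ifconfig\s+(\S+)\s+inet\s+(\S+)\s+(\S+)")


def parse_gif(commands):
    """Collect outer (tunnel) and inner (inet) address pairs per interface."""
    ifaces = {}
    for line in commands.splitlines():
        line = line.lstrip("> ").strip()  # tolerate quoted-mail prefixes
        for key, rx in (("outer", TUNNEL_RE), ("inner", INET_RE)):
            m = rx.match(line)
            if m:
                ifaces.setdefault(m.group(1), {})[key] = (m.group(2), m.group(3))
    return ifaces


def find_gif_loops(commands):
    """Return findings where encapsulated packets would re-enter the same gif."""
    findings = []
    for name, cfg in sorted(parse_gif(commands).items()):
        if "outer" not in cfg or "inner" not in cfg:
            continue  # incomplete configuration, nothing to compare
        outer_dst, inner_dst = cfg["outer"][1], cfg["inner"][1]
        if outer_dst == inner_dst:
            findings.append(
                f"{name}: inner destination {inner_dst} equals outer tunnel "
                f"destination; the host route to it points at {name} itself")
    return findings


if __name__ == "__main__":
    for label, cmds in (("local gateway", LOCAL_GATEWAY), ("remote host", REMOTE_HOST)):
        print(label, find_gif_loops(cmds) or "no gif loop found")
```

Run against the quoted commands, the check flags only the local gateway's gif0, which is the side where the post reports the connection dropping.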