Re: vpn1/fw1 NG to ipsec/racoon troubles, help please ...
From: Crist J. Clark (crist.clark@attbi.com)
Date: 07/30/02
- In reply to: Matthew Grooms: "Re: vpn1/fw1 NG to ipsec/racoon troubles, help please ..."
Date: Tue, 30 Jul 2002 00:48:13 -0700
From: "Crist J. Clark" <crist.clark@attbi.com>
To: Matthew Grooms <mgrooms@seton.org>
[Please, -questions or -security, but not both.]
On Mon, Jul 29, 2002 at 02:49:22PM -0500, Matthew Grooms wrote:
> Ok, I'm a moron. I was trying to use the gif driver when I shouldn't
> have.
I've never figured out why people use gif(4) interfaces when ESP does
the tunneling for you.
[snip]
> When the connection is initiated from the bsd side, traffic passes
> through the vpn1 box, enencrypted and routed to the remote host without
> a problem. Unfortunately, the response from the remote host gets caught
> up on the return trip. I am guessing this is because the bsd and vpn1
> box agree on an outbound ( from the bsd box's perspective ) proposal but
> cannot agree on an inbound proposal. The checkpoint error logs say
> 'encryption failure : no response from peer'. However, here is some
> tcpdump output that shows bi-directional communications. I'm not sure how
> to interpret this. Any ideas anyone?
>
> tcpdump: listening on eth0
The output from running racoon(8) with the '-d' option would be much
more useful.
--
Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org