Thanks. Works fine now when connecting from the Draytek ... getting a 'segmentation fault (cored dump)' from racoon when trying to initiate the connection from the FreeBSD box, but some more fine tuning may be required.
Thanks again.

Steve.

----- Original Message -----
From: "Helge Oldach" <[EMAIL PROTECTED]>
To: "Steve Greenshaw" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, February 26, 2004 7:40 AM
Subject: Re: FreeBSD (Racoon) / Draytek Setup

> Steve Greenshaw:
> >################
> >spdadd 192.168.32.0/24 192.168.1.0/24 ipencap -P out ipsec
> >esp/tunnel/AAA.AAA.AAA.AAA-BBB.BBB.BBB.BBB/require;
> >spdadd 192.168.1.0/24 192.168.32.0/24 ipencap -P in ipsec
> >esp/tunnel/BBB.BBB.BBB.BBB-AAA.AAA.AAA.AAA/require;
> >################
>
> Try using "any" instead of "ipencap". (AFAIK gif(4) implements "ipip"
> encapsulation ((protocol 94)) and not "ipip" ((protocol 4)). But this
> is just meaningless here as the gif interface just acts as a routing
> placeholder and doesn't actually transport traffic.)
>
> The other thing you might want to try is using "unique" instead of
> "require". This is necessary for ESP tunnel mode against Cisco boxes,
> and probably will catch your case as well.
>
> Maybe someone can explain the difference between these two? The manpage
> isn't really verbose...
>
> Regards,
> Helge
> _______________________________________________
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
