But as soon as I start an scp from Perspex to Soekris, Perspex reboots
after a few hundred kb. Unfortunately, Perspex is in a datacenter and I
do not have console access to it to see what the heck is happening at that
exact moment.
I don't recall. But for the record (IPSEC inside GRE):
If the Transport IPSEC connection is negotiated between two hosts inside the
GRE tunnel private subnet and the IPSEC connection goes down, the data flows in
cleartext. *bad*
The opposite would be (GRE-inside-IPSEC-Transport):
If the Transport IPSEC tunnel is built between the two hosts` public interfaces
and the GRE tunnel is built normally and thus encrypted, things should work.
Of course, we run into the crash.
The trick was I tried it on OpenBSD/Sparc where there is no-such-thing as
"Flash back to the BIOS" and it turns out a Sun "watchdog timer" is getting
hit. Watchdog timers on i386 must cause the BIOS to reset. So the problem is
in-kernel and the config is probably too obscure for developers to spend time
on.
My solution was to re-IP my network properly, and use IP Supernets/
summarization/ subnet aggregation thus consolidating the need for so many
spokes on a hub-and-spoke VPN config.
~~BAS
I noticed that there were no responses to your thread, but I was wondering
if you had worked out your problem or if you decided to go the ipsec
encapsulated in gre.
Cheers,
/Jason
--
Jason Taylor
e: [EMAIL PROTECTED]
m: 514-815-8204
l8*
-lava
x.25 - minix - bitnet - plan9 - 110 bps - ASR 33 - base8
