Thread: [Ipsec-tools-devel] Freebsd, racoon 0.8.0, Windows XP shrew 2.2.2
From: Eric M. <em...@fr...> - 2013-12-02 15:15:41
Hi,

I'm facing problems with the following setup :
Client Windows XP, shrew soft vpn client 2.2.2
FreeBSD 8.2, ipsec-tools 0.8.0

The connection seems established on the windows side, but any subsequent
connection to hosts on remote lan fails.

Shrew log :
config loaded for site 'xxx'
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
remote id configured
server cert configured
bringing up tunnel ...
network device configured
tunnel enabled

ipconfig :
Carte Ethernet {5B5C04FC-883E-4D46-82D4-FEA35A154818}:

    Suffixe DNS propre à la connexion : xxx.xxx
    Description . . . . . . . . . . . : Shrew Soft Virtual Adapter - Miniport d'ordonnancement de paquets
    Adresse physique . . . . . . . . .: AA-AA-AA-B4-9C-00
    DHCP activé. . . . . . . . . . . : Non
    Adresse IP. . . . . . . . . . . . : 10.93.0.90
    Masque de sous-réseau . . . . . . : 255.255.255.0
    Passerelle par défaut . . . . . . :
    Serveurs DNS . . . . . . . . . . : 10.93.0.60
                                        10.50.0.60
    Serveur WINS principal. . . . . . : 10.93.0.60
    Serveur WINS secondaire . . . . . : 10.50.0.60

Routing table :
Table de routage
===========================================================================
Liste d'Interfaces
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0c 29 a9 ec 4c ...... VMware PCI Ethernet Adapter - Miniport d'ordonnancement de paquets
0x10004 ...aa aa aa b4 9c 00 ...... Shrew Soft Virtual Adapter - Miniport d'ordonnancement de paquets
===========================================================================
===========================================================================
Itinéraires actifs :
Destination réseau  Masque réseau    Adr. passerelle  Adr. interface   Métrique
0.0.0.0             0.0.0.0          192.168.85.15    192.168.85.232   10
10.50.0.0           255.255.255.0    10.93.0.90       10.93.0.90       1
10.93.0.0           255.255.255.0    10.93.0.90       10.93.0.90       1
10.93.0.90          255.255.255.255  127.0.0.1        127.0.0.1        30
10.240.160.0        255.255.255.0    10.93.0.90       10.93.0.90       1
10.255.255.255      255.255.255.255  10.93.0.90       10.93.0.90       30
65.55.138.114       255.255.255.255  192.168.85.15    192.168.85.232   10
127.0.0.0           255.0.0.0        127.0.0.1        127.0.0.1        1
192.168.85.0        255.255.255.0    192.168.85.232   192.168.85.232   10
192.168.85.232      255.255.255.255  127.0.0.1        127.0.0.1        10
192.168.85.255      255.255.255.255  192.168.85.232   192.168.85.232   10
193.56.60.118       255.255.255.255  192.168.85.15    192.168.85.232   1
224.0.0.0           240.0.0.0        10.93.0.90       10.93.0.90       30
224.0.0.0           240.0.0.0        192.168.85.232   192.168.85.232   10
255.255.255.255     255.255.255.255  10.93.0.90       10.93.0.90       1
255.255.255.255     255.255.255.255  192.168.85.232   192.168.85.232   1
Passerelle par défaut : 192.168.85.15
===========================================================================
Itinéraires persistants :
Aucun

FreeBSD side :
racoon log
Nov 30 00:29:27 rtrbsdpanint racoon: INFO: @(#)ipsec-tools 0.8.0 (http://ipsec-tools.sourceforge.net)
Nov 30 00:29:27 rtrbsdpanint racoon: INFO: @(#)This product linked OpenSSL 0.9.8q 2 Dec 2010 (http://www.openssl.org/)
Nov 30 00:29:27 rtrbsdpanint racoon: INFO: Reading configuration from "/usr/local/etc/racoon/racoon.conf"
Nov 30 00:29:27 rtrbsdpanint racoon: INFO: Resize address pool from 0 to 10
Nov 30 00:29:27 rtrbsdpanint racoon: INFO: a.b.c.d[4500] used for NAT-T
Nov 30 00:29:27 rtrbsdpanint racoon: INFO: a.b.c.d[4500] used as isakmp port (fd=14)
Nov 30 00:29:27 rtrbsdpanint racoon: INFO: a.b.c.d[500] used for NAT-T
Nov 30 00:29:27 rtrbsdpanint racoon: INFO: a.b.c.d[500] used as isakmp port (fd=15)
Dec 2 15:57:13 rtrbsdpanint racoon: INFO: respond new phase 1 negotiation: a.b.c.d[500]<=>w.x.y.z[500]
Dec 2 15:57:13 rtrbsdpanint racoon: INFO: begin Identity Protection mode.
Dec 2 15:57:13 rtrbsdpanint racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
Dec 2 15:57:13 rtrbsdpanint racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Dec 2 15:57:13 rtrbsdpanint racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-01
Dec 2 15:57:13 rtrbsdpanint racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Dec 2 15:57:13 rtrbsdpanint racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Dec 2 15:57:13 rtrbsdpanint racoon: INFO: received Vendor ID: RFC 3947
Dec 2 15:57:13 rtrbsdpanint racoon: INFO: received broken Microsoft ID: FRAGMENTATION
Dec 2 15:57:13 rtrbsdpanint racoon: INFO: received Vendor ID: DPD
Dec 2 15:57:13 rtrbsdpanint racoon: INFO: received Vendor ID: CISCO-UNITY
Dec 2 15:57:13 rtrbsdpanint racoon: [w.x.y.z] INFO: Selected NAT-T version: RFC 3947
Dec 2 15:57:13 rtrbsdpanint racoon: INFO: Adding xauth VID payload.
Dec 2 15:57:13 rtrbsdpanint racoon: [w.x.y.z] WARNING: CR received, ignore it. It should be in other exchange.
Dec 2 15:57:13 rtrbsdpanint racoon: [a.b.c.d] INFO: Hashing a.b.c.d[500] with algo #2
Dec 2 15:57:13 rtrbsdpanint racoon: INFO: NAT-D payload #0 verified
Dec 2 15:57:13 rtrbsdpanint racoon: [w.x.y.z] INFO: Hashing w.x.y.z[500] with algo #2
Dec 2 15:57:13 rtrbsdpanint racoon: INFO: NAT-D payload #1 doesn't match
Dec 2 15:57:13 rtrbsdpanint racoon: INFO: NAT detected: PEER
Dec 2 15:57:13 rtrbsdpanint racoon: [w.x.y.z] INFO: Hashing w.x.y.z[500] with algo #2
Dec 2 15:57:13 rtrbsdpanint racoon: [a.b.c.d] INFO: Hashing a.b.c.d[500] with algo #2
Dec 2 15:57:13 rtrbsdpanint racoon: INFO: Adding remote and local NAT-D payloads.
Dec 2 15:57:14 rtrbsdpanint racoon: INFO: NAT-T: ports changed to: w.x.y.z[4500]<->a.b.c.d[4500]
Dec 2 15:57:14 rtrbsdpanint racoon: INFO: KA list add: a.b.c.d[4500]->w.x.y.z[4500]
Dec 2 15:57:14 rtrbsdpanint racoon: INFO: No SIG was passed, but hybrid auth is enabled
Dec 2 15:57:14 rtrbsdpanint racoon: INFO: Sending Xauth request
Dec 2 15:57:14 rtrbsdpanint racoon: INFO: ISAKMP-SA established a.b.c.d[4500]-w.x.y.z[4500] spi:932ada3b96c3f540:cd64c7c36df17116
Dec 2 15:57:14 rtrbsdpanint racoon: [w.x.y.z] INFO: received INITIAL-CONTACT
Dec 2 15:57:19 rtrbsdpanint racoon: INFO: Using port 0
Dec 2 15:57:19 rtrbsdpanint racoon: INFO: Unexpected attribute: 7
Dec 2 15:57:19 rtrbsdpanint racoon: INFO: Unexpected attribute: 6
Dec 2 15:57:19 rtrbsdpanint racoon: INFO: Unexpected attribute: 25
Dec 2 15:57:19 rtrbsdpanint racoon: INFO: login succeeded for user "emss"
Dec 2 15:57:19 rtrbsdpanint racoon: WARNING: Ignored attribute INTERNAL_ADDRESS_EXPIRY

local.conf :
#
# rtrbsdpanint configuration file
#

listen {
    isakmp a.b.c.d [500];
    isakmp_natt a.b.c.d [4500];
}

remote anonymous {
    exchange_mode main;

    verify_identifier on;
    my_identifier asn1dn;
    peers_identifier asn1dn;
    certificate_type x509 "vpngw.crt" "vpngw.key";
    ca_type x509 "ca.crt";

    passive on;
    generate_policy on;
    ike_frag on;
    nat_traversal on;
    dpd_delay 30;

    proposal_check claim;
    lifetime time 24 hours;

    proposal {
        encryption_algorithm aes 256;
        hash_algorithm sha1;
        authentication_method hybrid_rsa_server;
        dh_group 5;
    }
}

mode_cfg {
    auth_source radius;
    accounting radius;

    conf_source local;
    network4 10.93.0.90;
    pool_size 10;
    netmask4 255.255.255.0;

    dns4 10.93.0.60, 10.50.0.60;
    wins4 10.93.0.60, 10.50.0.60;
    default_domain "xxx.xxx";
    split_dns "xxx.xxx";

    split_network include 10.93.0.0/24, 10.50.0.0/24, 10.240.160.0/24;
}

sainfo anonymous
{
    lifetime time 3600 seconds;
    encryption_algorithm aes 256;
    authentication_algorithm hmac_md5,hmac_sha1;
    compression_algorithm deflate;
}

racoon.conf :
#
# Common configuration file
#

# Path
path include "/usr/local/etc/racoon" ;
path pre_shared_key "/usr/local/etc/racoon/psk.txt" ;
path certificate "/usr/local/etc/racoon/certs" ;
path script "/usr/local/etc/racoon/scripts" ;

# Logging level : error, warning, notify, info, debug and debug2
log info;

# Local configuration
include "local.conf" ;

# Padding
padding
{
    maximum_length 20; # maximum padding length.
    randomize off; # enable randomize length.
    strict_check off; # enable strict check.
    exclusive_tail off; # extract last one octet.
}

# Timer
timer
{
    # These value can be changed per remote node.
    counter 5; # maximum trying count to send.
    interval 20 sec; # maximum interval to resend.
    persend 1; # the number of packets per a send.

    # NATT handling
    natt_keepalive 10sec;

    # timer for waiting to complete each phase.
    phase1 30 sec;
    phase2 15 sec;
}

racoonctl shows interesting behaviour :
ladmin@rtrbsdpanint:~> sudo racoonctl show-sa isakmp
Destination Cookies Created
w.x.y.z 932ada3b96c3f540:cd64c7c36df17116 2013-12-02 15:57:14
ladmin@rtrbsdpanint:~> sudo racoonctl show-sa esp
No SAD entries.
ladmin@rtrbsdpanint:~> sudo racoonctl show-sa ah
No SAD entries.
ladmin@rtrbsdpanint:~> sudo racoonctl show-sa ipsec
No SAD entries.

From memory, racoon should generate the SPD and then manage SAs.
Increasing debug level doesn't show any obvious error to me.

I've checked that packets are not blocked by pf (all block statements
are logged).

Has anyone an idea regarding this issue, please ?

Regards

Éric Masson

--
The IRQ was invented by Murphy; IRQ sharing, by someone who wanted
to defy him
From: Alexander S. <ale...@gm...> - 2013-12-02 15:48:07
I am not an expert but it looks like you only got Phase 1 and
additional XAuth done. MODECFG step is missed.
I suppose your client should also start MODECFG negotiation immediately
after Phase 1 and Phase 2 negotiation as soon as packets for remote
hosts appear.
You also can check if racoon really creates SPD for your client and in
case it does experiment by sending packets from remote hosts back to
your client.
I can only guess that without MODECFG there is no IP assigned to client,
and without client IP no SPD are ever generated.
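An added example, not part of either poster's message and not ipsec-tools code: a Python check that walks a racoon log session by session and reports the first negotiation stage that never shows up, which is the kind of diagnosis made in the reply above. The two phase 2 message texts and the second sample session are assumptions that do not appear in this thread.

```python
import re

# A session starts when racoon answers a new phase 1; capture the peer address.
SESSION_START = re.compile(r"respond new phase 1 negotiation: \S+<=>([^\[\s]+)")

# Negotiation stages in the order they must appear. The first two patterns are
# message texts from the log posted in this thread; the two phase 2 patterns
# are assumed racoon message texts that do not appear on this page.
STAGES = [
    ("phase1", re.compile(r"ISAKMP-SA established ")),
    ("xauth", re.compile(r"login succeeded for user ")),
    ("phase2_start", re.compile(r"new phase 2 negotiation")),
    ("phase2_sa", re.compile(r"IPsec-SA established")),
]


def split_sessions(lines):
    """Group log lines by phase 1 negotiation (assumes sessions do not interleave)."""
    sessions = []
    for line in lines:
        m = SESSION_START.search(line)
        if m:
            sessions.append((m.group(1), []))
        if sessions:
            sessions[-1][1].append(line)
    return sessions


def stalled_at(session_lines):
    """Return the first stage with no log line after the previous stage, else None."""
    pos = 0
    for name, pattern in STAGES:
        for i in range(pos, len(session_lines)):
            if pattern.search(session_lines[i]):
                pos = i + 1
                break
        else:
            return name
    return None


def report(lines):
    """Return one (peer, stalled stage or None) pair per session in the log."""
    return [(peer, stalled_at(body)) for peer, body in split_sessions(lines)]


# Excerpt of the racoon log posted in this thread.
THREAD_LOG = [
    "Dec 2 15:57:13 rtrbsdpanint racoon: INFO: respond new phase 1 negotiation: a.b.c.d[500]<=>w.x.y.z[500]",
    "Dec 2 15:57:14 rtrbsdpanint racoon: INFO: Sending Xauth request",
    "Dec 2 15:57:14 rtrbsdpanint racoon: INFO: ISAKMP-SA established a.b.c.d[4500]-w.x.y.z[4500] spi:932ada3b96c3f540:cd64c7c36df17116",
    'Dec 2 15:57:19 rtrbsdpanint racoon: INFO: login succeeded for user "emss"',
    "Dec 2 15:57:19 rtrbsdpanint racoon: WARNING: Ignored attribute INTERNAL_ADDRESS_EXPIRY",
]

# Constructed sample (documentation addresses, made-up user and SPIs) of a
# session that goes on to negotiate phase 2.
HEALTHY_LOG = [
    "Dec 2 16:10:01 gw racoon: INFO: respond new phase 1 negotiation: 198.51.100.1[500]<=>192.0.2.10[500]",
    "Dec 2 16:10:02 gw racoon: INFO: ISAKMP-SA established 198.51.100.1[4500]-192.0.2.10[4500] spi:0000000000000001:0000000000000002",
    'Dec 2 16:10:05 gw racoon: INFO: login succeeded for user "alice"',
    "Dec 2 16:10:06 gw racoon: INFO: respond new phase 2 negotiation: 198.51.100.1[4500]<=>192.0.2.10[4500]",
    "Dec 2 16:10:06 gw racoon: INFO: IPsec-SA established: ESP/Tunnel 198.51.100.1[4500]->192.0.2.10[4500] spi=1234(0x4d2)",
]

if __name__ == "__main__":
    for peer, stage in report(THREAD_LOG + HEALTHY_LOG):
        print(peer, "complete" if stage is None else "stalled before " + stage)
```

For the log in this thread the check stops at phase2_start, which agrees with the empty "racoonctl show-sa esp" output in the first message.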
From: Eric M. <em...@fr...> - 2013-12-02 17:01:18
Alexander Sbitnev <ale...@gm...> writes:

Hi Alexander,

> I am not an expert but it looks like you only got Phase 1 and
> additional XAuth done. MODECFG step is missed.
> I suppose your client should also start MODECFG negotiation immediately
> after Phase 1 and Phase 2 negotiation as soon as packets for remote
> hosts appear.
> You also can check if racoon really creates SPD for your client and in
> case it does experiment by sending packets from remote hosts back to
> your client.
> I can only guess that without MODECFG there is no IP assigned to client,
> and without client IP no SPD are ever generated.

I downgraded shrew vpn client to 2.1.7 and policies and SA are generated
the right way now. I can see packets on FreeBSD box internal interface.

There's still a problem, the FreeBSD gateway doesn't act as an arp proxy
for the ip address assigned to the client.

I've tried to solve this issue by adding a permanent entry in the
FreeBSD box arp table, but it doesn't answer to "who has" arp requests.

Don't know if this is still a racoon issue or a pure FreeBSD one.

Regards

Éric Masson

--
All? No, only a small band of Macintosh users still holds out against
the Windoze invader. They draw their strength from their magic
potion: MacOS, prepared by their druid Steve Jobs.
-+- SC in Guide du Macounet Pervers: They are crazy, these Beurkistes! -+-
From: Eric M. <em...@fr...> - 2013-12-03 07:59:51
Eric Masson <em...@fr...> writes:

Hi,

> I've tried to solve this issue by adding a permanent entry in the
> FreeBSD box arp table, but it doesn't answer to "who has" arp requests.

Last problem was circumvented by using a different ip subnet for vpn
clients.

Everything runs smoothly now, sorry for the noise.

Regards

Éric Masson

--
These are only proposals. I do not want to force them through.
I think that if my ideas are to be taken up, they must not be put
to a vote, for several reasons:
-+- BC in: http://neuneu.ctw.cc - Neuneu without a vote and without forcing -+-