I secure my wireless network with IPsec. The rules are generated with a perl script (included below) with a rule for each ip in the range 192.168.1.3-192.168.1.254 (.2 is my AP). The key exchange is handled by racoon and works without issue. I have "allow ip from any to any" as my first ipfw rule when on this network. My firewall allows DHCP and ISAKMP traffic unencrypted and allows only esp traffic otherwise.

My problem is that certain websites tend not to work. I can look them up and make a connection, but I get no incoming packets, although on occasion they do work. Google is one such site. Also, it seems that images don't always load for any site. Neither firewall is blocking the traffic. When I make an OpenVPN link over the connection (it's easier than disabling IPsec, since it's already set up for when I'm away from home), the same websites work fine.

Any ideas? It just struck me that maybe parallel connections to the same address are at the root of the issue, but I have no real evidence.

What more information would be useful?

Thanks.

Perl script that generates /etc/ipsec.conf:

#!/usr/bin/perl
use strict;
use warnings;

# Security gateway (wired side of every tunnel); .2 is the AP and gets no policy.
my $fw = "192.168.1.1";

# Clear the SAD and SPD before installing the new policies.
print "flush;\n",
      "spdflush;\n";

# One pair of tunnel-mode ESP policies per wireless host: packets from the host
# must leave through a tunnel to the gateway, and packets to the host must
# arrive through a tunnel from the gateway ("require" rejects cleartext).
foreach my $n (3..254) {
    my $ip = "192.168.1.$n";

    print "\n";
    print "spdadd $ip/32 0.0.0.0/0 any -P out ipsec esp/tunnel/$ip-$fw/require;\n",
          "spdadd 0.0.0.0/0 $ip/32 any -P in ipsec esp/tunnel/$fw-$ip/require;\n";
}
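A small validator, added here as an example and not part of the original post, that parses the spdadd lines the script above emits and reports any host in the wireless range lacking a "require" tunnel policy in either direction, or any policy weaker than "require". The embedded configuration is a constructed sample (host .4 is deliberately missing its inbound policy).

```python
import ipaddress
import re

# Constructed sample in the format the Perl script emits: host .3 has both
# directions, host .4 is missing its inbound policy.
SAMPLE_CONF = """\
flush;
spdflush;

spdadd 192.168.1.3/32 0.0.0.0/0 any -P out ipsec esp/tunnel/192.168.1.3-192.168.1.1/require;
spdadd 0.0.0.0/0 192.168.1.3/32 any -P in ipsec esp/tunnel/192.168.1.1-192.168.1.3/require;

spdadd 192.168.1.4/32 0.0.0.0/0 any -P out ipsec esp/tunnel/192.168.1.4-192.168.1.1/require;
"""

# setkey syntax: spdadd SRC DST PROTO -P DIR ipsec esp/tunnel/TSRC-TDST/LEVEL;
SPDADD_RE = re.compile(
    r"^spdadd\s+(\S+)\s+(\S+)\s+\S+\s+-P\s+(in|out)\s+ipsec\s+"
    r"esp/tunnel/([\d.]+)-([\d.]+)/(\w+);$"
)


def parse_policies(text):
    """Parse spdadd lines into (src, dst, dir, tun_src, tun_dst, level) tuples."""
    policies = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("spdadd"):
            continue
        m = SPDADD_RE.match(line)
        if m is None:
            raise ValueError("unparsable policy: " + line)
        policies.append(m.groups())
    return policies


def check_policies(policies, gateway, hosts):
    """List hosts missing a 'require' tunnel policy in either direction and any
    policy whose level is weaker than 'require' (cleartext would be accepted)."""
    have = {p[:5] for p in policies if p[5] == "require"}
    problems = [f"{p[0]}->{p[1]} {p[2]}: level is {p[5]}, not require"
                for p in policies if p[5] != "require"]
    for host in hosts:
        if (f"{host}/32", "0.0.0.0/0", "out", str(host), gateway) not in have:
            problems.append(f"{host}: missing outbound tunnel policy")
        if ("0.0.0.0/0", f"{host}/32", "in", gateway, str(host)) not in have:
            problems.append(f"{host}: missing inbound tunnel policy")
    return problems


def wireless_hosts(first=3, last=254, prefix="192.168.1."):
    """The host range the Perl script covers (.1 is the gateway, .2 the AP)."""
    return [ipaddress.IPv4Address(prefix + str(i)) for i in range(first, last + 1)]
```

Run it against the real /etc/ipsec.conf by passing the file's contents to parse_policies() and the full wireless_hosts() range to check_policies().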
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions