AW: AW: [pfSense Support] IPSec connection problem

hricht- Von: Scott Ullrich [mailto:[EMAIL PROTECTED] Gesendet: Samstag, 7. April 2007 21:31 An: support@pfsense.com Betreff: Re: AW: [pfSense Support] IPSec connection problem On 4/7/07, Fuchs, Martin <[EMAIL PROTECTED]> wrote: > And another one > Attached... > > Until now

AW: AW: [pfSense Support] IPSec connection problem

Hmmm... that's sad... But ok ;-) Thanks for having a look, Martin -Ursprüngliche Nachricht- Von: Scott Ullrich [mailto:[EMAIL PROTECTED] Gesendet: Samstag, 7. April 2007 21:31 An: support@pfsense.com Betreff: Re: AW: [pfSense Support] IPSec connection problem On 4/7/07, Fuchs, M

Re: AW: [pfSense Support] IPSec connection problem

On 4/7/07, Fuchs, Martin <[EMAIL PROTECTED]> wrote: And another one Attached... Until now i tried a bit but without success :-( It killed my ipsec config ;-) Unfortunately this is going to require too much refactoring to be able to make it into 1.2. I have removed the IP Compression box and w

AW: AW: [pfSense Support] IPSec connection problem

richt- Von: Scott Ullrich [mailto:[EMAIL PROTECTED] Gesendet: Samstag, 7. April 2007 02:56 An: support@pfsense.com Betreff: Re: AW: [pfSense Support] IPSec connection problem On 4/6/07, Matthew Grooms <[EMAIL PROTECTED]> wrote: > This means the protocol is enabled in the kernel. If it

Re: AW: [pfSense Support] IPSec connection problem

On 4/6/07, Matthew Grooms <[EMAIL PROTECTED]> wrote: This means the protocol is enabled in the kernel. If it was configured for an IPSEC policy in use, you would see IPCOMP security associations via 'setkey -D' much the same as ESP or AH security associations. As traffic passes, the sequence numb

Re: AW: [pfSense Support] IPSec connection problem

Fuchs, Martin wrote: It tells me ipcomp tob e enabled: net.inet.ipcomp.ipcomp_enable: 1 This means the protocol is enabled in the kernel. If it was configured for an IPSEC policy in use, you would see IPCOMP security associations via 'setkey -D' much the same as ESP or AH security associatio

AW: [pfSense Support] IPSec connection problem

in [mailto:[EMAIL PROTECTED] Gesendet: Samstag, 7. April 2007 00:41 An: support@pfsense.com Betreff: AW: [pfSense Support] IPSec connection problem It tells me ipcomp tob e enabled: net.inet.ipcomp.ipcomp_enable: 1 -Ursprüngliche Nachricht- Von: Scott Ullrich [mailto:[EMAIL PROTECTED]

AW: [pfSense Support] IPSec connection problem

It tells me ipcomp tob e enabled: net.inet.ipcomp.ipcomp_enable: 1 -Ursprüngliche Nachricht- Von: Scott Ullrich [mailto:[EMAIL PROTECTED] Gesendet: Samstag, 7. April 2007 00:25 An: support@pfsense.com Betreff: Re: [pfSense Support] IPSec connection problem On 4/6/07, Fuchs, Martin

Re: [pfSense Support] IPSec connection problem

On 4/6/07, Fuchs, Martin <[EMAIL PROTECTED]> wrote: Just in progress :-) I run a vpn test with ixia qcheck with and without compression and got the following results: Compression on: 672,892 Kbps Compression off: 675,562 Kbps Hmmm, looks strange to me as i fit would not compress too much !?

AW: [pfSense Support] IPSec connection problem

: Scott Ullrich [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 6. April 2007 23:32 An: support@pfsense.com Betreff: Re: [pfSense Support] IPSec connection problem On 4/6/07, Fuchs, Martin <[EMAIL PROTECTED]> wrote: > Just downloaded the new snapshot and tested the following: > > Both tunne

Re: [pfSense Support] IPSec connection problem

On 4/6/07, Fuchs, Martin <[EMAIL PROTECTED]> wrote: Just downloaded the new snapshot and tested the following: Both tunnel-endpoints are pfsense with the latest snapshot server uncompressed with client compressed: works server compressed with client uncompressed: works both server and client se

AW: [pfSense Support] IPSec connection problem

:-) -Ursprüngliche Nachricht- Von: Scott Ullrich [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 6. April 2007 20:40 An: support@pfsense.com Betreff: Re: [pfSense Support] IPSec connection problem On 4/6/07, Fuchs, Martin <[EMAIL PROTECTED]> wrote: > Cool, i'll check... > > If the

AW: [pfSense Support] IPSec connection problem

You're the boss ;-) Report follows ;-) -Ursprüngliche Nachricht- Von: Scott Ullrich [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 6. April 2007 20:40 An: support@pfsense.com Betreff: Re: [pfSense Support] IPSec connection problem On 4/6/07, Fuchs, Martin <[EMAIL PROTECTED

Re: [pfSense Support] IPSec connection problem

On 4/6/07, Fuchs, Martin <[EMAIL PROTECTED]> wrote: Cool, i'll check... If the other side does not support compression, it will not be used, the tunnel will be established anyway, correct ? Not sure. Try it and report back. Scott

AW: [pfSense Support] IPSec connection problem

f: Re: [pfSense Support] IPSec connection problem On 3/31/07, Fuchs, Martin <[EMAIL PROTECTED]> wrote: > Hmmm, sounds interessing... > Does it work with the stack used in pfsense ? and if yes, will it be > implemented ? I must have had a brain fart because we already had support for

Re: [pfSense Support] IPSec connection problem

On 3/31/07, Fuchs, Martin <[EMAIL PROTECTED]> wrote: Hmmm, sounds interessing... Does it work with the stack used in pfsense ? and if yes, will it be implemented ? I must have had a brain fart because we already had support for IPSEC compression as a hidden option. I just added a checkbox to

AW: [pfSense Support] IPSec connection problem

] IPSec connection problem On 3/31/07, Matthew Grooms <[EMAIL PROTECTED]> wrote: > IPCOMP is supported. It should work fine with the KAME IPSEC stack. FAST > IPSEC has issues and is disabled via sysctl by default ... > > net.inet.ipcomp.ipcomp_enable: 0 I stand corrected. Learn somet

Re: [pfSense Support] IPSec connection problem

On 3/31/07, Matthew Grooms <[EMAIL PROTECTED]> wrote: IPCOMP is supported. It should work fine with the KAME IPSEC stack. FAST IPSEC has issues and is disabled via sysctl by default ... net.inet.ipcomp.ipcomp_enable: 0 I stand corrected. Learn something new every day. Scott

Re: [pfSense Support] IPSec connection problem

Scott Ullrich wrote: On 3/30/07, Fuchs, Martin <[EMAIL PROTECTED]> wrote: You can add a ping statement tot he ipsec-tunnel so it builds up immediately... Compression is not used i presume... Correct. Compression is not a feature in FreeBSD. If someone would like to port it from OpenBSD tha

Re: [pfSense Support] IPSec connection problem

On 3/30/07, Fuchs, Martin <[EMAIL PROTECTED]> wrote: You can add a ping statement tot he ipsec-tunnel so it builds up immediately... Compression is not used i presume... Correct. Compression is not a feature in FreeBSD. If someone would like to port it from OpenBSD that would be fantastic.

AW: [pfSense Support] IPSec connection problem

TED]> To: "Support PfSense" Sent: Friday, March 30, 2007 2:09 PM Subject: [pfSense Support] IPSec connection problem > Hi, > >I have two pfsense and trying to do a IPsec tunnel, however I´m having > no sucess. The two points have static IP´s and first I used the defa

Re: [pfSense Support] IPSec connection problem

INFO: begin Aggressive mode. Mar 30 14:15:35 racoon: INFO: respond new phase 1 negotiation: 200.xx.93.210[500]<=>201.xxx.20.10[500] -- Diego - Original Message - From: "Diego Morato" <[EMAIL PROTECTED]> To: "Support PfSense" Sent: Friday, March 30, 20

[pfSense Support] IPSec connection problem

Hi, I have two pfsense and trying to do a IPsec tunnel, however I´m having no sucess. The two points have static IP´s and first I used the default options of the webgui. After I´m followed this doc: http://doc.m0n0.ch/handbook/ipsec-tunnels.html. Is there something that need to be allow