I found something that might be interesting:

---

IPSec configuration (Node1)

File: /etc/racoon/setkey.sh

#!/sbin/setkey -f
flush;
spdflush;
spdadd 192.168.1.1 192.168.1.2 any -P out ipsec ipcomp/transport//use
    esp/transport//require;
spdadd 192.168.1.1 192.168.1.3 any -P out ipsec ipcomp/transport//use
    esp/transport//require;
spdadd 192.168.1.2 192.168.1.1 any -P in  ipsec ipcomp/transport//use
    esp/transport//require;
spdadd 192.168.1.3 192.168.1.1 any -P in  ipsec ipcomp/transport//use
    esp/transport//require;

IPSec configuration (Node2)

File: /etc/racoon/setkey.sh

#!/sbin/setkey -f
flush;
spdflush;
spdadd 192.168.1.2 192.168.1.1 any -P out ipsec ipcomp/transport//use
    esp/transport//require;
spdadd 192.168.1.2 192.168.1.3 any -P out ipsec ipcomp/transport//use
    esp/transport//require;
spdadd 192.168.1.1 192.168.1.2 any -P in  ipsec ipcomp/transport//use
    esp/transport//require;
spdadd 192.168.1.3 192.168.1.2 any -P in  ipsec ipcomp/transport//use
    esp/transport//require;

---

It's from http://kb.linuxprofessionals.org/index.php?id=20. The site is German,
but perhaps it might help a bit...

---

Can we use this in /var/etc/spd.conf?

-----Original Message-----
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Saturday, April 7, 2007 02:56
To: support@pfsense.com
Subject: Re: AW: [pfSense Support] IPSec connection problem

On 4/6/07, Matthew Grooms <[EMAIL PROTECTED]> wrote:
> This means the protocol is enabled in the kernel. If it was configured
> for an IPSEC policy in use, you would see IPCOMP security associations
> via 'setkey -D' much the same as ESP or AH security associations. As
> traffic passes, the sequence numbers and byte counters would increase.

I have to admit my ignorance here. Do you mean that when we set up
the policy we need to specify that the policy uses ipcomp?  If so, do
you have an example of this?

Scott

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
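
An added example, not part of the original messages or the linked KB article: a Python check that the Node1 and Node2 setkey.sh policies quoted above mirror each other (every out policy on one node has an identical in policy on the peer) and that ESP stays at level require, so a packet is never sent without encryption. The names parse_spd and check_pair are made up for this example.

```python
import re

# Policies as posted in the message above (wrapped lines joined).
NODE1 = """
spdadd 192.168.1.1 192.168.1.2 any -P out ipsec ipcomp/transport//use esp/transport//require;
spdadd 192.168.1.1 192.168.1.3 any -P out ipsec ipcomp/transport//use esp/transport//require;
spdadd 192.168.1.2 192.168.1.1 any -P in  ipsec ipcomp/transport//use esp/transport//require;
spdadd 192.168.1.3 192.168.1.1 any -P in  ipsec ipcomp/transport//use esp/transport//require;
"""
NODE2 = """
spdadd 192.168.1.2 192.168.1.1 any -P out ipsec ipcomp/transport//use esp/transport//require;
spdadd 192.168.1.2 192.168.1.3 any -P out ipsec ipcomp/transport//use esp/transport//require;
spdadd 192.168.1.1 192.168.1.2 any -P in  ipsec ipcomp/transport//use esp/transport//require;
spdadd 192.168.1.3 192.168.1.2 any -P in  ipsec ipcomp/transport//use esp/transport//require;
"""

# One statement: spdadd src dst upper-layer -P direction ipsec rule [rule ...] ;
SPDADD = re.compile(
    r"spdadd\s+(\S+)\s+(\S+)\s+\S+\s+-P\s+(in|out)\s+ipsec\s+([^;]+);")

def parse_spd(text):
    """Return {(src, dst, direction): [(protocol, mode, level), ...]}."""
    text = re.sub(r"#.*", "", text)  # drop comments and the #! line
    policies = {}
    for src, dst, direction, rules in SPDADD.findall(text):
        # A rule is protocol/mode/src-dst/level; src-dst is empty in transport mode.
        chain = [tuple(r.split("/")[i] for i in (0, 1, 3)) for r in rules.split()]
        policies[(src, dst, direction)] = chain
    return policies

def check_pair(local_ip, local, peer_ip, peer):
    """List problems in the policies that local holds for traffic with peer."""
    problems = []
    for (src, dst, direction), chain in local.items():
        if {src, dst} != {local_ip, peer_ip}:
            continue  # policy concerns a different host
        mirror = "in" if direction == "out" else "out"
        other = peer.get((src, dst, mirror))
        if other is None:
            problems.append(f"{src}->{dst}: peer has no '{mirror}' policy")
        elif other != chain:
            problems.append(f"{src}->{dst}: transform chains differ")
        if ("esp", "transport", "require") not in chain:  # 'use' would allow cleartext
            problems.append(f"{src}->{dst} {direction}: ESP not at level 'require'")
    return problems

if __name__ == "__main__":
    n1, n2 = parse_spd(NODE1), parse_spd(NODE2)
    print(check_pair("192.168.1.1", n1, "192.168.1.2", n2) or "node1/node2 policies match")
```

Run check_pair in both directions to catch a policy that exists on only one side; the 192.168.1.3 entries are skipped because that node's file is not shown in the thread.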


