From: Mike Burgett (mburgettawen.com)
Date: Wed Jan 03 2001 - 23:16:04 CST


Hi,

  I've a fairly recent -stable box (dec 19) that I use for natd/firewalling
for my internal net. It has a static default route, to the outside
world. Recently, I added IPSec into the equation, and set up tunnels to three
networks on the other side of a Gauntlet GVPN box.

The ipsec tunnels are statically keyed, so setkey is only run at init.

Everything works, _most_ of the time, and I'm able to access the remote nets
from any machine in my internal net, with everything appearing on the remotes
as if it came from my tunnel-end.

Every so often, though, I start getting messages from natd:

"failed to write packet back (No route to host)"

If I go to another window, and start pinging the external IP of the GVPN
box, (the other tunnel-end), it may, or may not drop a few packets, and
then start working, and at that point, my IPSec tunnels seem to be working
again. If I'm watching with tcpdump during this time, I don't see any ip
traffic going out to the other tunnel-end.

If I leave a 'ping' running to the other tunnel-end, I don't seem to see
the problem.

I'm game for sticking in some diag lines, to try and gather more info about
the circumstances surrounding these events, but don't really know where
to start. Constructive suggestions welcome.

Thanks,
Mike

----------------------------------
E-Mail: Mike Burgett <mburgettawen.com>
Date: 03-Jan-01
Time: 20:52:50

This message was sent by XFMail
----------------------------------
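One place to start gathering data, as an added example that is not part of the original post or a reply to it: a small parser that pulls the natd "failed to write packet back" messages out of a syslog file and groups them into bursts, so each outage gets a start time, end time and count that can be lined up against route changes or tunnel activity. The syslog line format ("Mon DD HH:MM:SS host natd[pid]: message") and the sample lines below are constructed assumptions, not taken from the poster's machine.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of /var/log/messages content (assumed syslog layout);
# the natd lines mirror the error text quoted in the post.
SAMPLE_LOG = """\
Jan  3 20:40:01 gw natd[123]: failed to write packet back (No route to host)
Jan  3 20:40:02 gw natd[123]: failed to write packet back (No route to host)
Jan  3 20:40:03 gw natd[123]: failed to write packet back (No route to host)
Jan  3 20:41:15 gw sshd[456]: Accepted publickey for mike from 10.0.0.5
Jan  3 21:10:30 gw natd[123]: failed to write packet back (No route to host)
Jan  3 21:10:31 gw natd[123]: failed to write packet back (No route to host)
"""

# Match only natd's write-back failures and capture the errno text in parentheses.
NATD_ERR = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ natd\[\d+\]: "
    r"failed to write packet back \((?P<reason>[^)]*)\)"
)


def parse_natd_errors(text, year=2001):
    """Return [(datetime, reason)] for every natd write-back failure in text.

    Syslog timestamps carry no year, so the caller supplies it.
    """
    events = []
    for line in text.splitlines():
        m = NATD_ERR.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=year)
        events.append((ts, m.group("reason")))
    return events


def group_bursts(events, gap_seconds=60):
    """Collapse consecutive errors into bursts separated by quiet gaps.

    Each burst is a dict with start, end, count and the set of reasons seen,
    which is the shape of record worth correlating with route/SA state.
    """
    bursts = []
    gap = timedelta(seconds=gap_seconds)
    for ts, reason in sorted(events):
        if bursts and ts - bursts[-1]["end"] <= gap:
            b = bursts[-1]
            b["end"] = ts
            b["count"] += 1
            b["reasons"].add(reason)
        else:
            bursts.append({"start": ts, "end": ts, "count": 1, "reasons": {reason}})
    return bursts


def summarize(text, year=2001, gap_seconds=60):
    """Parse a log and return its bursts of natd write-back failures."""
    return group_bursts(parse_natd_errors(text, year), gap_seconds)


if __name__ == "__main__":
    for b in summarize(SAMPLE_LOG):
        dur = (b["end"] - b["start"]).seconds
        print(f"{b['start']:%b %d %H:%M:%S} +{dur}s  {b['count']} errors  {sorted(b['reasons'])}")
```

Run against the real /var/log/messages, the burst start times are the moments to compare with a `netstat -rn` and `setkey -D` snapshot (route table and SA state), which shows whether the "No route to host" coincides with the route or the security association to the far tunnel-end going away rather than with natd itself.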
