Re: isakmpd + gre crashing on OpenBSD 3.8
From: Brian A. Seklecki (lavalamp spiritual-machines.org)
Date: Mon Jan 09 2006 - 16:06:06 CST
> But as soon as I start an scp from Perspex to Soekris, Perspex reboots
> after a few hundred kb. Unfortunately, Perspex is in a datacenter and I
> do not have console access to it to see what the heck is happening at that
> exact moment.
I don't recall. But for the record (IPSEC inside GRE):
If the Transport IPSEC connection is negotiated between two hosts inside the
GRE tunnel private subnet and the IPSEC connection goes down, the data flows in
cleartext. *bad*
The opposite would be (GRE-inside-IPSEC-Transport):
If the Transport IPSEC tunnel is built between the two hosts' public interfaces
and the GRE tunnel is built normally and thus encrypted, things should work.
Of course, we run into the crash.
The trick was I tried it on OpenBSD/Sparc where there is no such thing as
"Flash back to the BIOS" and it turns out a Sun "watchdog timer" is getting
hit. Watchdog timers on i386 must cause the BIOS to reset. So the problem is
in-kernel and the config is probably too obscure for developers to spend time
on.
My solution was to re-IP my network properly, and use IP supernets/
summarization/subnet aggregation, thus consolidating the need for so many
spokes on a hub-and-spoke VPN config.
~~BAS
>
> I noticed that there were no responses to your thread, but I was wondering
> if you had worked out your problem or if you decided to go the ipsec
> encapsulated in gre.
>
> Cheers,
>
> /Jason
> --
> Jason Taylor
> e: j jtaylor.ca
> m: 514-815-8204
>
>
l8*
-lava
x.25 - minix - bitnet - plan9 - 110 bps - ASR 33 - base8
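
An added example, not part of the original post: a check for the failure mode described above, classifying packets seen on the public interface as protected (ESP outside GRE, or ESP inside GRE) or cleartext GRE. The packet bytes are constructed and the function names are hypothetical.

```python
import struct

ESP, GRE = 50, 47  # IANA IP protocol numbers

def ipv4(proto, payload, src=b"\xc0\x00\x02\x01", dst=b"\xc6\x33\x64\x01"):
    """Build a minimal IPv4 packet (constructed test data, checksum left at 0)."""
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0)
    return hdr + src + dst + payload

def gre(inner, flags=0):
    """GRE header carrying IPv4 (0x0800); optional fields are zero-filled."""
    opt = sum(4 for bit in (0x8000, 0x2000, 0x1000) if flags & bit)
    return struct.pack("!HH", flags, 0x0800) + bytes(opt) + inner

def parse_ipv4(pkt):
    """Return (protocol, payload) of an IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    return pkt[9], pkt[ihl:]

def gre_payload(data):
    """Return (protocol type, payload), skipping checksum/key/sequence fields."""
    if len(data) < 4:
        raise ValueError("truncated GRE header")
    flags, ptype = struct.unpack("!HH", data[:4])
    if flags & 0x4000:
        raise ValueError("GRE source routing not handled")
    off = 4 + sum(4 for bit in (0x8000, 0x2000, 0x1000) if flags & bit)
    return ptype, data[off:]

def classify(pkt):
    """Classify one packet captured on the public interface."""
    proto, body = parse_ipv4(pkt)
    if proto == ESP:
        return "protected"          # GRE-inside-IPsec: outer header is ESP
    if proto != GRE:
        return "other"
    ptype, inner = gre_payload(body)
    if ptype == 0x0800 and inner and parse_ipv4(inner)[0] == ESP:
        return "protected"          # IPsec-inside-GRE: inner packet is ESP
    return "cleartext"              # GRE whose payload is not ESP

if __name__ == "__main__":
    tcp = ipv4(6, bytes(20))        # stand-in for the scp traffic
    for p in (ipv4(ESP, bytes(32)), ipv4(GRE, gre(ipv4(ESP, bytes(32)))), ipv4(GRE, gre(tcp))):
        print(classify(p))
```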