I am working to connect two networks together using an IPSEC tunnel. The first testing step I'm taking is to get the GIF interfaces set up and ensure connectivity is in place for the tunnel before I dive into the IPSEC part. Both endpoints are running FreeBSD 8.2-RELEASE. Here is what I've set up on each end:
Endpoint 1:
Code:
gifconfig_gif1="y.y.y.y z.z.z.z"
ifconfig_gif1="inet 172.16.1.1 172.16.2.1 netmask 255.255.255.0"
static_routes="tslbell"
route_tslbell="-net 172.16.2.0/24 172.16.2.1"
Endpoint 2:
Code:
gifconfig_gif1="z.z.z.z y.y.y.y"
ifconfig_gif1="inet 172.16.2.1 172.16.1.1 netmask 255.255.255.0"
static_routes="belltsl"
route_belltsl="-net 172.16.1.0/24 172.16.1.1"
Here is what's strange to me... If I attempt to ping Endpoint 2 from Endpoint 1, it times out, that is until I go to Endpoint 2 and ping Endpoint 1. Once that is done, connectivity works properly on both ends. After about a minute or so, they go dead again until I repeat the steps I just described.
Both endpoints utilize PF, and I've configured the following rule. I'm not sure if this could be a potential firewall issue.
Code:
pass quick on gif1 all
Here is the output of ifconfig gif1 from each endpoint, with public addresses being masked:
Endpoint 1:
Code:
gif1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
tunnel inet y.y.y.y --> z.z.z.z
inet6 fe80::222:3fff:fef1:ee91%gif1 prefixlen 64 scopeid 0xc
inet 172.16.1.1 --> 172.16.2.1 netmask 0xffffff00
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
options=1<ACCEPT_REV_ETHIP_VER>
Endpoint 2:
Code:
gif1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
tunnel inet z.z.z.z --> y.y.y.y
inet6 fe80::2b0:d0ff:fefe:30b1%gif1 prefixlen 64 scopeid 0x9
inet 172.16.2.1 --> 172.16.1.1 netmask 0xffffff00
nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
options=1<ACCEPT_REV_ETHIP_VER>
Has anyone experienced anything like this? Before I go through the more complex process of setting up the IPSEC portion, I need to make sure connectivity is working properly at this stage. Thanks for any advice anyone can provide me.
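An added example, not part of the original post: the `pass quick on gif1 all` rule above only matches the decapsulated 172.16.x.x traffic on gif1, while the outer gif(4) packets travel as IP protocol 4 on the physical interface and are filtered there. In a stateful ruleset that blocks by default and has no rule for them, inbound tunnel packets are admitted only while a state created by outbound tunnel traffic exists. The rest of the poster's ruleset is not shown, so the default-block policy and the interface name `em0` are assumptions; `local_pub` and `peer_pub` are hypothetical macro names holding the masked addresses from the post.

```conf
# pf.conf fragment for Endpoint 1 (added example; swap the two addresses on Endpoint 2)
ext_if    = "em0"        # assumption: name of the public-facing interface
local_pub = "y.y.y.y"    # masked public address from the post; substitute the real one
peer_pub  = "z.z.z.z"    # masked peer address from the post; substitute the real one

# Before: the only tunnel-related rule in the post. It matches inner packets
# on gif1, not the outer IP-in-IP packets arriving on $ext_if.
# pass quick on gif1 all

# After: also admit the outer gif(4) packets (IP protocol 4, "ipencap"),
# restricted to the two tunnel endpoints rather than any source.
pass in  quick on $ext_if proto ipencap from $peer_pub  to $local_pub
pass out quick on $ext_if proto ipencap from $local_pub to $peer_pub

# Inner traffic on the tunnel interface, as in the post.
pass quick on gif1 all
```

Parse the file with `pfctl -nf /etc/pf.conf` before loading it, and confirm the outer packets are arriving with `tcpdump -ni em0 ip proto 4`.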