Loved the “Flying racoons” series of articles – thanks! Since reading them I’ve been trying a number of things out based on them.
My latest project is trying to connect two Macs together using IPSec tunnels – essentially as a prelude to trying to set up a VPN between two offices, with Macs running OSX (10.2.1) as the gateways. I found several articles about doing the same sort of thing with FreeBSD, e.g.:
http://www.freebsddiary.org/ipsec-tunnel.php
http://rr.sans.org/firewall/IPSec_VPN.php
They use commands and examples sufficiently similar to those on the Mac (not too surprising given the common ground between Darwin and FreeBSD) to give me hope that this is possible.
On to the question. The tunnel works fine between the 2 Macs themselves, e.g. Mac A can ssh to Mac B and using tcpdump I can see that the packets are ESP IPinIP tunneled. But if I try to contact something else on network B from Mac A, the packets go to Mac B as I would expect, but no further. Using tcpdump, I see messages like the following:
17:37:51.284187 10.10.50.186 > 192.168.80.175: icmp: 10.10.50.186 protocol 50 unreachable (DF)
Has anyone else tried to do this with any success?
What should be listening on port 50?
Do I need to run another daemon apart from racoon?
Any plans to do a 4th article in the Flying Racoons series on this kind of topic? If not, and I get this working, I’d be glad to do one for you!
tia
Gav
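As an added example (not part of Gav's post or of the articles he cites), a small Python helper that decodes tcpdump "protocol N unreachable" lines like the one quoted above and renders the setkey(8) SPD entries a gateway-to-gateway ESP tunnel needs. The subnet and gateway addresses passed to spd_tunnel_policy are assumed placeholders, and the sample trace lines are constructed.

```python
import re

# Constructed sample, in the shape of the tcpdump line quoted in the post.
SAMPLE_LINES = [
    "17:37:51.284187 10.10.50.186 > 192.168.80.175: icmp: 10.10.50.186 protocol 50 unreachable (DF)",
    "17:37:52.001003 10.10.50.186 > 192.168.80.175: icmp: echo reply",
]

# IANA IP protocol numbers worth recognising in an IPsec trace. 50 and 51 are
# protocol numbers, not ports: no userland daemon listens on them, the kernel
# IPsec stack consumes them once racoon has negotiated the SAs.
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP", 50: "ESP", 51: "AH"}

UNREACH_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+) > (?P<dst>[\d.]+): icmp: "
    r"(?P<target>[\d.]+) protocol (?P<proto>\d+) unreachable"
)


def parse_proto_unreachable(line):
    """Return a dict for an ICMP 'protocol unreachable' line, else None."""
    m = UNREACH_RE.match(line)
    if not m:
        return None
    proto = int(m.group("proto"))
    return {
        "time": m.group("ts"),
        "reporter": m.group("src"),          # host that rejected the protocol
        "original_sender": m.group("dst"),   # host whose packet was rejected
        "target": m.group("target"),         # destination of the rejected packet
        "protocol": proto,
        "protocol_name": IP_PROTOCOLS.get(proto, "other"),
    }


def diagnose(event):
    """Explain a protocol-unreachable event; ESP/AH get an IPsec-specific reading."""
    if event["protocol"] in (50, 51):
        return (f"{event['reporter']} was handed an {event['protocol_name']} packet it has "
                "no handler for, so it is not acting as the tunnel endpoint: the packet "
                "should have been decapsulated by a gateway whose SPD matches it. Check the "
                "spdadd entries on the gateway and that racoon negotiated an SA for them.")
    return f"{event['reporter']} has no handler for IP protocol {event['protocol']}"


def spd_tunnel_policy(local_net, remote_net, local_gw, remote_gw):
    """Render setkey(8) SPD entries for an ESP tunnel between two gateways (assumed addresses)."""
    return (f"spdadd {local_net} {remote_net} any -P out ipsec esp/tunnel/{local_gw}-{remote_gw}/require;\n"
            f"spdadd {remote_net} {local_net} any -P in ipsec esp/tunnel/{remote_gw}-{local_gw}/require;\n")
```

Feed real tcpdump output to parse_proto_unreachable line by line; only lines that parse are worth passing to diagnose.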