Date: Sat, 24 Nov 2007 16:08:54 +0100
From: VANHULLEBUS Yvan
To: Giulio Ferro
Cc: freebsd-hackers@freebsd.org
Subject: Re: doubt about IPSEC - Freebsd 7
Message-ID: <20071124150854.GA3451@zen.inc>
References: <474830F9.90305@zirakzigil.org>
In-Reply-To: <474830F9.90305@zirakzigil.org>

Hi.

On Sat, Nov 24, 2007 at 03:11:05PM +0100, Giulio Ferro wrote:
> I've noticed that in the kernel configuration IPSEC_ESP disappeared
> from the options. It says that you just need device crypto and IPSEC.
>
> Does this mean that with crypto and IPSEC I have all I need to treat
> ESP like the old IPSEC_ESP option?
>

IPSEC_ESP was a needed option for KAME's IPSec implementation, which
is no longer in FreeBSD's kernel.

IPSEC now enables the FAST_IPSEC stack, which just needs IPSEC and device
crypto.

> I'm having some problems right now setting up a vpn to complete phase 2,
> (the error is no proposal chosen).
> Since ipsec-tools uses the facilities in the kernel, I want to make sure
> that the kernel provides everything racoon needs...

That really sounds like a configuration issue (racoon.conf, or perhaps
your SPD entries); racoon's debug on the responder should give you more
information on the problem.

Yvan.

--
NETASQ
http://www.netasq.com