From owner-freebsd-current@FreeBSD.ORG Mon Aug 20 20:00:35 2007
Date: Mon, 20 Aug 2007 15:00:19 -0500
From: Craig Boston
To: "S.N.Grigoriev"
Cc: freebsd-current@freebsd.org
Subject: Re: Cisco PIX/ASA VPN client
Message-ID: <20070820200018.GA29482@nowhere>
References: <786091187635818@webmail31.yandex.ru>
In-Reply-To: <786091187635818@webmail31.yandex.ru>
List-Id: Discussions about the use of FreeBSD-current

On Mon, Aug 20, 2007 at 10:50:18PM +0400, S.N.Grigoriev wrote:
> I need to use my 7-CURRENT workstation as an IPSec client for
> Cisco PIX/ASA devices. I try to use /usr/ports/security/vpnc
> for this purpose. But when I start vpnc the following error
> message appears:
>
> socket(PF_INET, SOCK_RAW, IPPROTO_ESP): Protocol not supported

Do you have options IPSEC in your kernel? I believe this may prevent
vpnc from sending/receiving the encapsulated packets. If you're not
using IPSEC for anything else, removing the option should do the trick.

Also, make sure that you're running it as root, not only for raw socket
access but also so it can create the tun device.

> Who knows if it is possible to use vpnc with CURRENT? Or maybe I have
> to use another approach to solve my task?

I use vpnc quite a bit on CURRENT, and it works quite well, with the
exception of fighting with dhclient over the resolv.conf file. (I know
about exit hooks, but then I forget to remove them and wonder why DNS
isn't working).

Craig
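
An added example, not part of the original message and not vpnc's own code: a small C probe that repeats the socket() call from the quoted error and separates the two causes raised in the reply (the kernel refusing the ESP protocol versus not running as root). The names probe_result, classify_errno and probe_raw_esp are hypothetical.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical result codes for this probe. */
enum probe_result { PROBE_OK, PROBE_NO_PROTO, PROBE_NO_PRIV, PROBE_OTHER };

/* Map the errno left by socket() to the causes discussed in the thread. */
enum probe_result classify_errno(int err)
{
    switch (err) {
    case 0:               return PROBE_OK;
    case EPROTONOSUPPORT: return PROBE_NO_PROTO; /* "Protocol not supported" */
    case EPERM:
    case EACCES:          return PROBE_NO_PRIV;  /* raw sockets need root */
    default:              return PROBE_OTHER;
    }
}

/* Make the same call quoted in the error; *err_out gets errno (0 on success). */
enum probe_result probe_raw_esp(int *err_out)
{
    int fd = socket(PF_INET, SOCK_RAW, IPPROTO_ESP);
    int err = (fd < 0) ? errno : 0;
    if (fd >= 0)
        close(fd);
    if (err_out)
        *err_out = err;
    return classify_errno(err);
}

int main(void)
{
    int err = 0;
    enum probe_result r = probe_raw_esp(&err);
    printf("euid=%ld: ", (long)geteuid());
    if (r == PROBE_OK)
        puts("raw ESP socket opened");
    else if (r == PROBE_NO_PROTO)
        puts("Protocol not supported: check the kernel config for options IPSEC");
    else if (r == PROBE_NO_PRIV)
        puts("permission denied: run as root");
    else
        printf("socket failed: %s\n", strerror(err));
    return r == PROBE_OK ? 0 : 1;
}
```

Run it once as an ordinary user and once as root: only a failure that persists as root with "Protocol not supported" points at the kernel configuration rather than at privileges.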