Site Navigation

Date:      Mon, 28 Aug 2006 00:20:51 +0200
From:      =?ISO-8859-1?Q?Erik_N=F8rgaard?= <norgaard@locolomo.org>
To:        Jim Stapleton <stapleton.41@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: IPSEC, am I missing something?
Message-ID:  <44F21AC3.2080908@locolomo.org>
In-Reply-To: <80f4f2b20608271358l32b84ed6m5c6e5819d38c5c01@mail.gmail.com>
References:  <80f4f2b20608271358l32b84ed6m5c6e5819d38c5c01@mail.gmail.com>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

[-- Attachment #1 --]
Jim Stapleton wrote:

> What I found and added:
> #ipsec: Required for VPN
> options        IPSEC        #IP security
> options        IPSEC_ESP    #IP security (crypto; define w/ IPSEC)
> #ipsec optimsations
> options        FAST_IPSEC   # new IPsec (cannot define w/ IPSEC)
> options        IPSEC_FILTERGIF  #filter ipsec packets from a tunnel
> 
> before adding these, I just had the default 6.1 generic kernel file
> with a few things commented and a couple uncommented.

Just start with the first two options, then add the others if needed.
But before you start, check if this actually solves the problem. There
is a well known problem with IPSec across NAT-firewalls: Authenticated
Headers don't work.

Not all kernel options are in the GENERIC file, look for the NOTES file,
platform specific NOTES are where you find the GENERIC for your
platform, but there is also a general NOTES.

Cheers, Erik
-- 
Ph: +34.666334818                      web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9

[-- Attachment #2 --]
0�	*�H��

��0�

10	+0�	*�H��


���0��0�נ
	�U��O0
	*�H��


0��10	UES10U
Daemon Security10UCertificate Authority10UCertificate Authority1$0"	*�H��

	
ca@daemonsecurity.com1
0U
00
060420131650Z
070420131650Z0b10	UES10U
LocoLomo.Org10U
Erik Norgaard1$0"	*�H��

	
norgaard@locolomo.org0�
"0
	*�H��



�
0�

�

��>NP�L�G�MK��	�$��������^h�a~���
�	��Xם-���`������Y^�P��
o�œtƥ�*\�.��e��_�!���2\��j]m)B����>��v+�����z�������2�V���f���D�ѝ��R}Tc�&E/#_.9DŽ9��÷�(3	?�ԝWu��%)���v�ŅͯT��r)F����A+�(�R6ƶ��w��
��{�9z�P_���Q��^z��pk/���jX��MY

��
n0�
j0U

�0
0U�0Uiy�,��]�ñtb�?�i�0��U#��0�À�a�&��W�t��Е�na=⥡�����0��10	UES10U
Daemon Security10UCertificate Authority10UCertificate Authority1$0"	*�H��

	
ca@daemonsecurity.com1
0U
0�	�U��O
0 U0�norgaard@locolomo.org08U10/0-�+�)�'http://www.daemonsecurity.com/ca/ds.crl0
	*�H��


�
ǟ@��&<m��Wc�4L��S�@�G�4[�'s��5��\�\V��N^`�I
���&>�"@���>"[���xq�8��9��`���@�sG��;��L��P���]ƜTT|sGٶ2����Ҋct�x?'ҭ�$0�����r�;2#b�a�"�%$B
�p%�rԆU
����ì>�!7���3ȁ����g��6�_���I.2��Ġ��!����A���a�AmF
G'bךu�f���>-�d��x��qq0�9#XO�Sk+F�uy��T����v����r�+p!�!}��n.6N�H'�5�
�+9���`CV�ĩ�;7R��ߔ�R���K���Ip��v&��S@P`��;%e��ƓxCu�iL�	��Cb���
�Y,�
)x��:3�ѓG���j���Re
���E��tP��Ұ�k<�
c\;�9��p���T���9/K̩�� �LH��z�M�Mu��ʔ
(�dks�kj����<ds08P�xZ
���N��WC�0��0�נ
	�U��O0
	*�H��


0��10	UES10U
Daemon Security10UCertificate Authority10UCertificate Authority1$0"	*�H��

	
ca@daemonsecurity.com1
0U
00
060420131650Z
070420131650Z0b10	UES10U
LocoLomo.Org10U
Erik Norgaard1$0"	*�H��

	
norgaard@locolomo.org0�
"0
	*�H��



�
0�

�

��>NP�L�G�MK��	�$��������^h�a~���
�	��Xם-���`������Y^�P��
o�œtƥ�*\�.��e��_�!���2\��j]m)B����>��v+�����z�������2�V���f���D�ѝ��R}Tc�&E/#_.9DŽ9��÷�(3	?�ԝWu��%)���v�ŅͯT��r)F����A+�(�R6ƶ��w��
��{�9z�P_���Q��^z��pk/���jX��MY

��
n0�
j0U

�0
0U�0Uiy�,��]�ñtb�?�i�0��U#��0�À�a�&��W�t��Е�na=⥡�����0��10	UES10U
Daemon Security10UCertificate Authority10UCertificate Authority1$0"	*�H��

	
ca@daemonsecurity.com1
0U
0�	�U��O
0 U0�norgaard@locolomo.org08U10/0-�+�)�'http://www.daemonsecurity.com/ca/ds.crl0
	*�H��


�
ǟ@��&<m��Wc�4L��S�@�G�4[�'s��5��\�\V��N^`�I
���&>�"@���>"[���xq�8��9��`���@�sG��;��L��P���]ƜTT|sGٶ2����Ҋct�x?'ҭ�$0�����r�;2#b�a�"�%$B
�p%�rԆU
����ì>�!7���3ȁ����g��6�_���I.2��Ġ��!����A���a�AmF
G'bךu�f���>-�d��x��qq0�9#XO�Sk+F�uy��T����v����r�+p!�!}��n.6N�H'�5�
�+9���`CV�ĩ�;7R��ߔ�R���K���Ip��v&��S@P`��;%e��ƓxCu�iL�	��Cb���
�Y,�
)x��:3�ѓG���j���Re
���E��tP��Ұ�k<�
c\;�9��p���T���9/K̩�� �LH��z�M�Mu��ʔ
(�dks�kj����<ds08P�xZ
���N��WC�1��0��

0��0��10	UES10U
Daemon Security10UCertificate Authority10UCertificate Authority1$0"	*�H��

	
ca@daemonsecurity.com1
0U
0	�U��O0	+��)0	*�H��

	1	*�H��


0	*�H��

	1
060827222051Z0#	*�H��

	1`u3��r�0�Q?��+H�T0R	*�H��

	1E0C0
*�H��
0*�H��
�0
*�H��

@0+0
*�H��

(0��	+

�71��0��0��10	UES10U
Daemon Security10UCertificate Authority10UCertificate Authority1$0"	*�H��

	
ca@daemonsecurity.com1
0U
0	�U��O0��*�H��

	1�����0��10	UES10U
Daemon Security10UCertificate Authority10UCertificate Authority1$0"	*�H��

	
ca@daemonsecurity.com1
0U
0	�U��O0
	*�H��



�
��
�n-{*�n]��&^#����t�I�X)+�Ui��p.
��
�P����z;�#@(�j3ʄ�t�"����VğZޕ�䂋6�y�ߟ��-
#<O�%�i�yY<c�œ�����B�nR�u�}UG���O!��t����fT�Wȓ�3:�ExTw
/R�E�}�逌�73r@5���x��z�O�Phpq��Cl�ǯQ#�ę:1DKi]�����A�Fu���p
�J�)8Wc/�0�

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44F21AC3.2080908>

Legal Notices | © 1995-2025 The FreeBSD Project. All rights reserved.

Contact