From owner-freebsd-security@FreeBSD.ORG  Wed Apr 28 07:24:26 2004
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 89E6516A4CE
	for <freebsd-security@FreeBSD.org>;
	Wed, 28 Apr 2004 07:24:26 -0700 (PDT)
Received: from bast.unixathome.org (bast.unixathome.org [66.11.174.150])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5854243D5E
	for <freebsd-security@FreeBSD.org>;
	Wed, 28 Apr 2004 07:24:26 -0700 (PDT)
	(envelope-from dan@langille.org)
Received: from wocker (wocker.unixathome.org [192.168.0.99])
	by bast.unixathome.org (Postfix) with ESMTP
	id 39DB43D3D; Wed, 28 Apr 2004 10:24:25 -0400 (EDT)
From: "Dan Langille" <dan@langille.org>
To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
Date: Wed, 28 Apr 2004 10:24:25 -0400
MIME-Version: 1.0
Message-ID: <408F8659.26009.385BE5A8@localhost>
Priority: normal
References: <408ECCFB.2846.3587C13A@localhost>
In-reply-to: <Pine.BSF.4.53.0404280453500.11677@e0-0.zab2.int.zabbadoz.net>
X-mailer: Pegasus Mail for Windows (v4.02a)
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
cc: freebsd-security@FreeBSD.org
Subject: Re: IPsec works, but racoon/IKE does not
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Apr 2004 14:24:26 -0000

On 28 Apr 2004 at 4:56, Bjoern A. Zeeb wrote:

> On Tue, 27 Apr 2004, Dan Langille wrote:
> 
> > I have no idea whatsoever as to why racoon/IKE does not work here.
> >  I've tried various how-to documents but found nothing that works for
> > me.
> >
> > Gateway (10.0.0.1) running 4.9-stable.
> > Laptop (10.0.0.10) running 5.2.1-release.
> ...
> > I see this on the gateway.  Does this mean anything to anyone?
> > Thanks.
> 
> not read the log but this is most likly the problem described in this
> thread (along with solutions):
> 
> http://lists.freebsd.org/pipermail/freebsd-net/2004-March/003514.html

Thank you!  That was it.  IKE just worked after these mods to my 
kernel:

remove:
options IPSEC
options IPSEC_ESP
options IPSEC_DEBUG
options INET6

add:
options FAST_IPSEC
device crypto

man fast_ipsec told me that there is no support for IPv6, which 
eventually led me to remove INET6 when the kernel would not compile.

-- 
Dan Langille : http://www.langille.org/
BSDCan - http://www.bsdcan.org/