From owner-freebsd-current@FreeBSD.ORG Tue Aug 21 16:49:16 2007 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 030BE16A420 for ; Tue, 21 Aug 2007 16:49:16 +0000 (UTC) (envelope-from serguey-grigoriev@yandex.ru) Received: from webmail34.mail.yandex.net (webmail34.mail.yandex.net [213.180.223.183]) by mx1.freebsd.org (Postfix) with ESMTP id 7F59D13C442 for ; Tue, 21 Aug 2007 16:49:15 +0000 (UTC) (envelope-from serguey-grigoriev@yandex.ru) Received: from YAMAIL (webmail34) by mail.yandex.ru id S6467797AbXHUQtB for ; Tue, 21 Aug 2007 20:49:01 +0400 X-Yandex-Spam: 1 Received: from [91.122.49.58] ([91.122.49.58]) by mail.yandex.ru with HTTP; Tue, 21 Aug 2007 20:48:59 +0400 From: "S.N.Grigoriev" To: cb@severious.net In-Reply-To: 9070000000006146794 References: <786091187635818@webmail31.yandex.ru> 9070000000006146794 MIME-Version: 1.0 Message-Id: <124781187714940@webmail34.yandex.ru> Date: Tue, 21 Aug 2007 20:49:00 +0400 X-Mailer: Yamail [ http://yandex.ru ] 5.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain X-Mailman-Approved-At: Tue, 21 Aug 2007 16:51:59 +0000 Cc: freebsd-current@freebsd.org Subject: Re: Cisco PIX/ASA VPN client X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Aug 2007 16:49:16 -0000 21.08.07, 00:00, Craig Boston (cb@severious.net) wrote: > On Mon, Aug 20, 2007 at 10:50:18PM +0400, S.N.Grigoriev wrote: > > I need to use my 7-CURRENT workstation as an IPSec client for > > Cisco PIX/ASA devices. I try to use /usr/ports/security/vpnc > > for this purpose. But when i start vpnc the following error > > message appears: > > > > socket(PF_INET, SOCK_RAW, IPPROTO_ESP): Protocol not supported > > Do you have options IPSEC in your kernel? I believe this may prevent > vpnc from sending/receiving the encapsulated packets. If you're not > using IPSEC for anything else, removing the option should do the trick. > Also, make sure that you're running it as root, not only for raw socket > access but also so it can create the tun device. Thank you very much, Craig, I've removed IPSEC options from my kernel config and now vpnc works fine for me! The only thing I need to know: if CURRENT IPSec and vpnc are completely incompatible? If so, how to reproduce the vpnc behaviour using IPSec? Regards, Serguey.