From owner-freebsd-current@FreeBSD.ORG Mon Feb 16 04:52:33 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0549B16A4CE for ; Mon, 16 Feb 2004 04:52:33 -0800 (PST) Received: from gvr.gvr.org (gvr-gw.gvr.org [80.126.103.228]) by mx1.FreeBSD.org (Postfix) with ESMTP id C912143D2F for ; Mon, 16 Feb 2004 04:52:32 -0800 (PST) (envelope-from guido@gvr.org) Received: by gvr.gvr.org (Postfix, from userid 657) id 3293B2E; Mon, 16 Feb 2004 13:52:32 +0100 (CET) Date: Mon, 16 Feb 2004 13:52:32 +0100 From: Guido van Rooij To: Tobias Roth , freebsd-current@freebsd.org Message-ID: <20040216125232.GA64059@gvr.gvr.org> References: <20040214174144.GA13215@speedy.unibe.ch> <20040214211819.GE11710@saboteur.dek.spc.org> <20040214235426.GA13792@speedy.unibe.ch> <20040215013700.GC19592@saboteur.dek.spc.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040215013700.GC19592@saboteur.dek.spc.org> Subject: Re: state of ipsec X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Feb 2004 12:52:33 -0000 On Sun, Feb 15, 2004 at 01:37:00AM +0000, Bruce M Simpson wrote: > On Sun, Feb 15, 2004 at 12:54:26AM +0100, Tobias Roth wrote: > > yes, setkey -D never outputs anything, no SAs get created at all. > > This would tend to suggest either IPSEC support is missing from the kernel, > or there has been a problem when racoon is issuing PF_KEY socket writes. > > Can you recompile with IPSEC_DEBUG enabled and try to replicate the problem? IIRC IPSEC currentky has the porblem that if you happen to use require in your policies, even the ISAKMP packets do not gte out. I switched to FAST_IPSEC, which doesnt have this problem. You can of course also use "use" in stead of "require". -Guido