Date: Mon, 4 Oct 2004 16:20:42 +0000 (UTC) From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> To: Sergey Smitienko <hunter@comsys.com.ua> Cc: freebsd-current@freebsd.org Subject: Re: FreeBSD 5.3 IPSec Message-ID: <Pine.BSF.4.53.0410041611160.46049@e0-0.zab2.int.zabbadoz.net> In-Reply-To: <027201c4aa0e$d6021020$13caa8c0@aa.com> References: <027201c4aa0e$d6021020$13caa8c0@aa.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 4 Oct 2004, Sergey Smitienko wrote: Hi, > I'm having problem with an IPSec connection between two test hosts running > 5.3-BETA3 using isakmpd. > Both kernels are GENERIC with IPSEC/IPSEC_ESP options additions. As far as I > understand from > the isakmpd debug output it does negotiate a connection and then fails to > setup kernel to use encryption > between this two hosts. looks like the same problem a lot of racoon users had seen. It should go away if you update to BETA7 or apply following patch: http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netkey/key.c.diff?r1=1.65.2.1&r2=1.65.2.2 If updating or patching is not an option you need to at least compile a new kernel. The workaround was to compile the kernel with MSIZE=512 I think. You should be able to find it in the archives of last month from current@. -- Greetings Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.53.0410041611160.46049>