Date: Thu, 19 Jul 2007 16:46:14 +1000
From: Andrew Reilly <andrew-freebsd@areilly.bpc-users.org>
To: freebsd-stable@freebsd.org
Cc: delta@lackas.net
Subject: ports/security/vpnc vs built-in IPSec?
Message-ID: <20070719064614.GA96133@duncan.reilly.home>

Hi there,

I used ports/security/vpnc with some success some time ago, but then stopped because I didn't need it. Since then I've upgraded my -STABLE many times, and portupgrade has upgraded vpnc at least once, and now it doesn't seem to work anymore.

I've been poking it quite vigorously, this afternoon, without much success: I can start it from the command line, with debugging turned on and no-disconnect from the control terminal, and can see from the debug trace that connection, authentication and network route setup all seem perfect. Just no packets ever seem to get through the tun0 link.

Now, I remember from long ago that vpnc does not like IPSec in the kernel, because (from memory) the kernel gets to the esp packets before vpnc (which handles them in user-space), and the wrong thing happens. The difference, now, seems to be that there is no longer a config option to disable IPSEC. Or is there? Is there any way to disable kernel IPSEC in 6-STABLE?

There doesn't seem to be anything in kldstat to indicate that any ipsec foo has been dynamically loaded. Indeed, there doesn't seem to be anything in sysctl -a relating to ipsec either: does that mean that it somehow *is* disabled?

Any other thoughts on how to improve my situation?

Cheers,

--
Andrew