Date: Thu, 20 Feb 2014 06:28:30 +1100
From: Dewayne Geraghty
To: Clemens Schrimpe, Francois ten Krooden
Cc: "ports@FreeBSD.org", strongswan
Subject: Re: FreeBSD Port: strongswan-5.1.1_1

On 19/02/2014 2:31 AM, Clemens Schrimpe wrote:
> On 18.02.2014, at 16:12, Francois ten Krooden wrote:
>
>> I will have a look on my test setup with FreeBSD to see if I can get the same error.
> Thank you. Watch for messages re: PF_ROUTE failed, like these:
>
> 21[KNL] adding PF_ROUTE route failed: Invalid argument
> 21[KNL] installing route failed: 192.68.1.1/32 via (null) src %any dev vtnet1
>
>
>> As far as I know there weren't any changes that would cause this issue.
> My suspicion is that the PF_ROUTE interfaces vary between Linux, OpenBSD and FreeBSD - and nobody really "ported" the code. Again: This is just a rough suspicion - I need to familiarize myself with the respective interfaces within Linux / OpenBSD.
>
>
>> Just a question, did you recompile the standard FreeBSD kernel to include the support for IPsec, since the default kernel does not include the IPsec support.
> Of course. And racoon works fine - it just sucks in so many other ways, that I'd rather use Strongswan :-)
>
> Thanks -
>
> Clemens
>
Clemens,
I only use FreeBSD 9.2Stable and Strongswan 5.1.1 performs nicely. After setting knl=4 in charon debug, I received this:

# grep -i route /var/log/auth.log |tail -n1
Feb 20 06:17:24 admin2 charon: 11[KNL] installing route: 10.130.30.17/32 via 172.16.200.6 src 10.16.200.47 dev vga1

which seems to be what you're after. So the issue doesn't appear to reside with strongswan?

FYI: Downloaded and built on:
FreeBSD 9.2-STABLE #0: Sun Jan 19 19:07:34 EST 2014

There are two tricks with using enc0 - firstly it must be enabled (ifconfig enc0 up) and there are some tricks to getting it to reveal exactly what you're after, the "man 4 enc" is quite helpful.

Regards, Dewayne.
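
Added example, not part of the original message and not strongSwan code: a small parser that puts the failing and the working `[KNL]` route lines quoted in this thread side by side, so the unresolved gateway (`(null)`) and source (`%any`) of the failed install stand out. It assumes the PF_ROUTE error is logged just before the matching "installing route failed" line on the same thread number, as in the quoted excerpt; the timestamp and host on the first two sample lines are constructed.

```python
import re

# Constructed sample: the three charon [KNL] lines quoted in the thread.
# The syslog prefix on the first two lines is made up; the thread quotes them bare.
SAMPLE_LOG = """\
Feb 18 16:40:01 gw1 charon: 21[KNL] adding PF_ROUTE route failed: Invalid argument
Feb 18 16:40:01 gw1 charon: 21[KNL] installing route failed: 192.68.1.1/32 via (null) src %any dev vtnet1
Feb 20 06:17:24 admin2 charon: 11[KNL] installing route: 10.130.30.17/32 via 172.16.200.6 src 10.16.200.47 dev vga1
"""

# "NN[KNL] adding PF_ROUTE route failed: <error text>"
ERR_RE = re.compile(r"(?P<thread>\d+)\[KNL\] adding PF_ROUTE route failed: (?P<reason>.+)$")
# "NN[KNL] installing route[ failed]: <dest> via <gw> src <src> dev <if>"
ROUTE_RE = re.compile(
    r"(?P<thread>\d+)\[KNL\] installing route(?P<failed> failed)?: "
    r"(?P<dest>\S+) via (?P<gw>\S+) src (?P<src>\S+) dev (?P<dev>\S+)"
)


def triage(log_text):
    """Return one record per route install attempt, in log order."""
    pending = {}  # thread number -> error text from the preceding PF_ROUTE line
    records = []
    for line in log_text.splitlines():
        err = ERR_RE.search(line)
        if err:
            pending[err["thread"]] = err["reason"].strip()
            continue
        m = ROUTE_RE.search(line)
        if not m:
            continue  # unrelated log line
        failed = m["failed"] is not None
        records.append({
            "dest": m["dest"],
            "dev": m["dev"],
            # charon prints "(null)" / "%any" when no gateway / source was chosen
            "gateway": None if m["gw"] == "(null)" else m["gw"],
            "source": None if m["src"] == "%any" else m["src"],
            "ok": not failed,
            # attach the kernel error only to the failed install it preceded
            "reason": pending.pop(m["thread"], None) if failed else None,
        })
    return records


if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG):
        print(rec)
```

The successful "installing route:" line only shows up once the knl log level is raised, as described in the message above.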