Date:      Thu, 20 Feb 2014 06:28:30 +1100
From:      Dewayne Geraghty <dewayne.geraghty@heuristicsystems.com.au>
To:        Clemens Schrimpe <csch@kiez.net>, Francois ten Krooden <ftk@Nanoteq.com>
Cc:        "ports@FreeBSD.org" <ports@freebsd.org>, strongswan <strongswan@Nanoteq.com>
Subject:   Re: FreeBSD Port: strongswan-5.1.1_1
Message-ID:  <530505DE.2020407@heuristicsystems.com.au>
In-Reply-To: <13DCA01D-9965-4B4B-A24D-9F91149B9406@kiez.net>
References:  <04BF6635-0193-4D0F-B527-03A92B1FCAAB@kiez.net> <E9504166C8F77C4B8CCA70C6215A348762DA30E63E@ntq-ex.nanoteq.co.za> <13DCA01D-9965-4B4B-A24D-9F91149B9406@kiez.net>


On 19/02/2014 2:31 AM, Clemens Schrimpe wrote:
> On 18.02.2014, at 16:12, Francois ten Krooden <ftk@Nanoteq.com> wrote:
>
>> I will have a look on my test setup with FreeBSD to see if I can get the same error.
> Thank you. Watch for messages re: PF_ROUTE failed, like these:
>
> 21[KNL] adding PF_ROUTE route failed: Invalid argument
> 21[KNL] installing route failed: 192.68.1.1/32 via (null) src %any dev vtnet1
>
>
>> As far as I know there weren't any changes that would cause this issue.
> My suspicion is that the PF_ROUTE interfaces vary between Linux, OpenBSD and FreeBSD - and nobody really "ported" the code. Again: This is just a rough suspicion - I need to familiarize myself with the respective interfaces within Linux / OpenBSD.
>
>
>>  Just a question, did you recompile the standard FreeBSD kernel to include the support for IPsec, since the default kernel does not include the IPsec support.
> Of course. And Raccoon works fine - it just sucks in so many other ways, that I'd rather use Strongswan :-)
>
> Thanks -
>
> 	Clemens
>

Clemens,
I only use FreeBSD 9.2Stable and Strongswan 5.1.1 performs nicely. 
After setting knl=4 in charon debug, I received this:

# grep -i route /var/log/auth.log |tail -n1
Feb 20 06:17:24 admin2 charon: 11[KNL] installing route: 10.130.30.17/32
via 172.16.200.6 src 10.16.200.47 dev vga1

which seems to be what you're after.  So the issue doesn't appear to
reside with strongswan?

FYI: Downloaded and built on: FreeBSD 9.2-STABLE #0: Sun Jan 19 19:07:34
EST 2014

There are two tricks with using enc0 - firstly it must be enabled
(ifconfig enc0 up) and there are some tricks to getting it to reveal
exactly what you're after, the "man 4 enc" is quite helpful.
Regards, Dewayne.


