Date: Thu, 19 Jul 2007 14:22:17 +0100
From: Vince <jhary@unsane.co.uk>
To: Andrew Reilly <andrew-freebsd@areilly.bpc-users.org>
Cc: freebsd-stable@freebsd.org, delta@lackas.net
Subject: Re: ports/security/vpnc vs built-in IPSec?
Message-ID: <469F6589.9070300@unsane.co.uk>
In-Reply-To: <20070719064614.GA96133@duncan.reilly.home>
References: <20070719064614.GA96133@duncan.reilly.home>

Andrew Reilly wrote:
> Hi there,
>
> I used ports/security/vpnc with some success some time ago, but
> then stopped because I didn't need it. Since then I've
> upgraded my -STABLE many times, and portupgrade has upgraded
> vpnc at least once, and now it doesn't seem to work anymore.
> I've been poking it quite vigorously, this afternoon, without
> much success: I can start it from the command line, with
> debugging turned on and no-disconnect from the control terminal,
> and can see from the debug trace that connection, authentication and
> network route setup all seem perfect. Just no packets ever seem
> to get through the tun0 link.
>

I'm running -CURRENT so the situation isn't identical, but vpnc works
fine here. This is through NAT with vpnc-0.4.0_1

{root@prawn}#vpnc
add host 80.169.168.42: gateway 192.168.10.2
add net 10.49.11.0: gateway 10.100.223.50
add net 10.44.19.0: gateway 10.100.223.50
VPNC started in background (pid: 24376)...
[~](14:19:30) {root@prawn}#!ftp
-su: !ftp: event not found
[~](14:19:32) {root@prawn}#ftp 10.49.11.252
Connected to 10.49.11.252.
220 Access to this system is restricted to authorised users only. If you are not authorised please disconnect now. All transfers are logged.
Name (10.49.11.252:jhary): ^C
[~](14:20:07) {root@prawn}#vpnc-disconnect
Terminating vpnc daemon (pid: 24376)

> Now, I remember from long ago that vpnc does not like IPSec in
> the kernel, because (from memory) the kernel gets to the esp
> packets before vpnc (which handles them in user-space), and the
> wrong thing happens. The difference, now, seems to be that
> there is no longer a config option to disable IPSEC. Or is
> there?
>
> Is there any way to disable kernel IPSEC in 6-STABLE?
>

It's not enabled in GENERIC, so you won't have IPSEC unless you have
built a custom kernel. Can't offer much beyond that though, I'm afraid.
Has it set up the routing correctly?

Sorry I can't help more,
Vince

> There doesn't seem to be anything in kldstat to indicate that
> any ipsec foo has been dynamically loaded. Indeed, there
> doesn't seem to be anything in sysctl -a relating to ipsec
> either: does that mean that it somehow *is* disabled?
>
> Any other thoughts on how to improve my situation?
>
> Cheers,
>