From: Victor Gregorio
To: freebsd-net@freebsd.org
Date: Sat, 05 Jun 2004 00:24:01 -0700
Subject: IPSEC_ESP and if_tun failed
Message-Id: <1086420241.652.41.camel@localhost>
List-Id: Networking and TCP/IP with FreeBSD

Hello.

I originally posted this to freebsd-questions. I then learned about this list and thought my topic was appropriate.

I am running into a problem with using vpnc and isakmpd on the same system (not at the same time) on a FreeBSD 5.2.1-RELEASE-p8 system. With IPSEC enabled in the kernel, vpnc worked fine. Then, I had to include IPSEC_ESP so that isakmpd would work. Now, vpnc is broken.

I compiled in IPSEC_DEBUG and did a

    $ sudo sysctl debug.if_tun_debug=1

to get some verbose logging. This is what happens...

- I start vpnc as root
- The client connects
- vpnc authenticates properly
- IP address is assigned to tun0
- The IPSec connection breaks
- vpnc errors out with: socket(SOCK_RAW): Protocol not supported
- ifconfig still shows the device tun0 with the assigned IP

/var/log/messages shows this:

    kernel: tun0: open
    kernel: module_register: module if_tun already exists!
    kernel: Module if_tun failed to register: 17
    kernel: can't re-use a leaf (if_tun_debug)!
    kernel: tun0: mtu set
    kernel: tun0: tuninit
    kernel: tun0: address set, error=0
    kernel: tun0: tunoutput
    kernel: tun0: tunoutput
    kernel: tun0: tuninit
    kernel: tun0: address set, error=0
    kernel: tun0: closed
    kernel: tun0: tunoutput
    kernel: tun0: not ready 032
    kernel: tun0: tunoutput
    kernel: tun0: not ready 032

I have been trying to turn off ESP support using sysctl. OpenBSD has an OID called net.inet.esp.enable. This OID is not listed in sysctl -a.

Any advice is appreciated.

-Victor