Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 26 Nov 2007 11:15:20 +0000
From:      Baldur Gislason <baldur@foo.is>
To:        VANHULLEBUS Yvan <vanhu_bsd@zeninc.net>
Cc:        freebsd-hackers@freebsd.org, Giulio Ferro <auryn@zirakzigil.org>
Subject:   Re: doubt about IPSEC - Freebsd 7
Message-ID:  <20071126111520.GC48107@gremlin.foo.is>
In-Reply-To: <20071124150854.GA3451@zen.inc>
References:  <474830F9.90305@zirakzigil.org> <20071124150854.GA3451@zen.inc>

next in thread | previous in thread | raw e-mail | index | archive | help
And since we're on this subject... is it possible to do IPSEC over UDP
tunnels in FreeBSD now? I have a couple of networks with dumb NAT and
need a way to tunnel out of them in a reliable manner.

Baldur

On Sat, Nov 24, 2007 at 04:08:54PM +0100, VANHULLEBUS Yvan wrote:
> Hi.
> 
> 
> On Sat, Nov 24, 2007 at 03:11:05PM +0100, Giulio Ferro wrote:
> > I've noticed that in the kernel configuration IPSEC_ESP disappeared
> > from the options. It says that you just need device crypto and IPSEC.
> >
> > Does this mean that with crypto and IPSEC I have all I need to treat
> > ESP like the old IPSEC_ESP option?
> >
> 
> IPSEC_ESP was a needed option for KAME's IPSec implementation, which
> is no longer in FreeBSD's kernel.
> 
> IPSEC now enables FAST_IPSEC stack, which just needs IPSEC and device
> crypto.
> 
> 
> > I'm having some problems right now setting up a vpn to complete phase 2,
> > (the error is no proposal chosen).
> > Since ipsec-tools uses the facilities in the kernel, I want to make sure 
> > that the
> > kernel provides everything racoon needs...
> 
> That really sounds like a configuration issue (racoon.conf, or perhaps
> your SPD entries), racoon's debug on responder should give you more
> informations on the problem.
> 
> 
> 
> Yvan.
> 
> -- 
> NETASQ
> http://www.netasq.com
> _______________________________________________
> freebsd-hackers@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
> 




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071126111520.GC48107>