From: Baldur Gislason
To: VANHULLEBUS Yvan
Cc: freebsd-hackers@freebsd.org, Giulio Ferro
Date: Mon, 26 Nov 2007 11:15:20 +0000
Subject: Re: doubt about IPSEC - Freebsd 7
Message-ID: <20071126111520.GC48107@gremlin.foo.is>
List-Id: Technical Discussions relating to FreeBSD

And since we're on this subject... is it possible to do IPSEC over UDP tunnels
in FreeBSD now? I have a couple of networks with dumb NAT and need a way to
tunnel out of them in a reliable manner.

Baldur

On Sat, Nov 24, 2007 at 04:08:54PM +0100, VANHULLEBUS Yvan wrote:
> Hi.
>
> On Sat, Nov 24, 2007 at 03:11:05PM +0100, Giulio Ferro wrote:
> > I've noticed that in the kernel configuration IPSEC_ESP disappeared
> > from the options. It says that you just need device crypto and IPSEC.
> >
> > Does this mean that with crypto and IPSEC I have all I need to treat
> > ESP like the old IPSEC_ESP option?
>
> IPSEC_ESP was a needed option for KAME's IPSec implementation, which
> is no longer in FreeBSD's kernel.
>
> IPSEC now enables FAST_IPSEC stack, which just needs IPSEC and device
> crypto.
>
> > I'm having some problems right now setting up a vpn to complete phase 2,
> > (the error is no proposal chosen).
> > Since ipsec-tools uses the facilities in the kernel, I want to make sure
> > that the kernel provides everything racoon needs...
>
> That really sounds like a configuration issue (racoon.conf, or perhaps
> your SPD entries), racoon's debug on responder should give you more
> information on the problem.
>
> Yvan.
>
> --
> NETASQ
> http://www.netasq.com