Date: Tue, 20 Feb 2001 11:52:36 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Chris Knipe <chrisk@vardus.net> Cc: freebsd-questions@freebsd.org Subject: Re: ipsecd Message-ID: <20010220115236.D35631@mollari.cthul.hu> In-Reply-To: <03a201c09b43$f7fc8710$6402000a@VARDUSZA.com>; from chrisk@vardus.net on Tue, Feb 20, 2001 at 03:49:39PM %2B0200 References: <03a201c09b43$f7fc8710$6402000a@VARDUSZA.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Tue, Feb 20, 2001 at 03:49:39PM +0200, Chris Knipe wrote: > I am right to assume that I need both ipsec and setkey to function properly > for encrypted VPN configurations, but alas, two weeks, 24 kernel builds, and > still no avail... You don't run pipsecd with kernel IPSEC. The latter is supported transparently by the kernel and doesn't need a userland daemon to help with encryption. You can however use the racoon daemon in ports to do automatic negotiation of security associations (the alternative is to manually set them up using setkey(8)). You still need to set up your policy database using setkey(8) when using racoon. Search the mailing list archives (e.g. freebsd-security) for more help on setting up IPSEC. Kris [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6kssEWry0BWjoQKURAslfAJ41NeZZkE0k5cjTbAHgJee2/qBLigCgiJUU 1vqIw6jGa7FcO51N8vA7ojU= =qIGN -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010220115236.D35631>