Date: Mon, 16 Feb 2004 13:52:32 +0100 From: Guido van Rooij <guido@gvr.org> To: Tobias Roth <roth@iam.unibe.ch>, freebsd-current@freebsd.org Subject: Re: state of ipsec Message-ID: <20040216125232.GA64059@gvr.gvr.org> In-Reply-To: <20040215013700.GC19592@saboteur.dek.spc.org> References: <20040214174144.GA13215@speedy.unibe.ch> <20040214211819.GE11710@saboteur.dek.spc.org> <20040214235426.GA13792@speedy.unibe.ch> <20040215013700.GC19592@saboteur.dek.spc.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Feb 15, 2004 at 01:37:00AM +0000, Bruce M Simpson wrote: > On Sun, Feb 15, 2004 at 12:54:26AM +0100, Tobias Roth wrote: > > yes, setkey -D never outputs anything, no SAs get created at all. > > This would tend to suggest either IPSEC support is missing from the kernel, > or there has been a problem when racoon is issuing PF_KEY socket writes. > > Can you recompile with IPSEC_DEBUG enabled and try to replicate the problem? IIRC IPSEC currentky has the porblem that if you happen to use require in your policies, even the ISAKMP packets do not gte out. I switched to FAST_IPSEC, which doesnt have this problem. You can of course also use "use" in stead of "require". -Guido
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040216125232.GA64059>