Date: Sat, 24 Nov 2007 16:08:54 +0100 From: VANHULLEBUS Yvan <vanhu_bsd@zeninc.net> To: Giulio Ferro <auryn@zirakzigil.org> Cc: freebsd-hackers@freebsd.org Subject: Re: doubt about IPSEC - Freebsd 7 Message-ID: <20071124150854.GA3451@zen.inc> In-Reply-To: <474830F9.90305@zirakzigil.org> References: <474830F9.90305@zirakzigil.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi. On Sat, Nov 24, 2007 at 03:11:05PM +0100, Giulio Ferro wrote: > I've noticed that in the kernel configuration IPSEC_ESP disappeared > from the options. It says that you just need device crypto and IPSEC. > > Does this mean that with crypto and IPSEC I have all I need to treat > ESP like the old IPSEC_ESP option? > IPSEC_ESP was a needed option for KAME's IPSec implementation, which is no longer in FreeBSD's kernel. IPSEC now enables FAST_IPSEC stack, which just needs IPSEC and device crypto. > I'm having some problems right now setting up a vpn to complete phase 2, > (the error is no proposal chosen). > Since ipsec-tools uses the facilities in the kernel, I want to make sure > that the > kernel provides everything racoon needs... That really sounds like a configuration issue (racoon.conf, or perhaps your SPD entries), racoon's debug on responder should give you more informations on the problem. Yvan. -- NETASQ http://www.netasq.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071124150854.GA3451>