From owner-freebsd-questions  Tue Feb 20 11:52:41 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from obsecurity.dyndns.org (adsl-64-165-226-53.dsl.lsan03.pacbell.net [64.165.226.53])
	by hub.freebsd.org (Postfix) with ESMTP id 1A35737B4EC
	for <freebsd-questions@freebsd.org>; Tue, 20 Feb 2001 11:52:37 -0800 (PST)
	(envelope-from kris@obsecurity.org)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000)
	id CF02A66F2E; Tue, 20 Feb 2001 11:52:36 -0800 (PST)
Date: Tue, 20 Feb 2001 11:52:36 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Chris Knipe <chrisk@vardus.net>
Cc: freebsd-questions@freebsd.org
Subject: Re: ipsecd
Message-ID: <20010220115236.D35631@mollari.cthul.hu>
References: <03a201c09b43$f7fc8710$6402000a@VARDUSZA.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="tEFtbjk+mNEviIIX"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <03a201c09b43$f7fc8710$6402000a@VARDUSZA.com>; from chrisk@vardus.net on Tue, Feb 20, 2001 at 03:49:39PM +0200
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


--tEFtbjk+mNEviIIX
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Tue, Feb 20, 2001 at 03:49:39PM +0200, Chris Knipe wrote:

> I am right to assume that I need both ipsec and setkey to function properly
> for encrypted VPN configurations, but alas, two weeks, 24 kernel builds, and
> still no avail...

You don't run pipsecd with kernel IPSEC.  The latter is supported
transparently by the kernel and doesn't need a userland daemon to help
with encryption.  You can however use the racoon daemon in ports to do
automatic negotiation of security associations (the alternative is to
manually set them up using setkey(8)).  You still need to set up your
policy database using setkey(8) when using racoon.

Search the mailing list archives (e.g. freebsd-security) for more help
on setting up IPSEC.

Kris

--tEFtbjk+mNEviIIX
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE6kssEWry0BWjoQKURAslfAJ41NeZZkE0k5cjTbAHgJee2/qBLigCgiJUU
1vqIw6jGa7FcO51N8vA7ojU=
=qIGN
-----END PGP SIGNATURE-----

--tEFtbjk+mNEviIIX--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message