Date: Tue, 30 Mar 2004 12:33:08 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: Cyrill Rüttimann
cc: freebsd-net@freebsd.org
Subject: Re: IPSec troubles

On Tue, 30 Mar 2004, Cyrill Rüttimann wrote:

Hi,

> > If this is the remaining problem apart from the yet known (where KAME
> > people cannot find the time to review at the moment) I may look into
> > this; have set up my wireless connection on a 5.2.1 notebook (being
> > updated to HEAD soon) to use IPSec lately so I have a 'testbed' now.
>
> Please can you report if IPSec is working with current or the latest
> stable?
>
> With 5.2.1, you are lost completely. IPSec with kernel options does not
> work and if you enable FAST_IPSEC (which should work), you end up not
> able to compile the kernel. There was a patch mentioned to solve this,
> but for me it did not work.

I have been able to use IPSEC (do not know about FAST_IPSEC) with a
5.2.1R miniinst installation on the following setup:

    notebook(wi0) <---> AP(bridge) <----> (fxp2)router

I am now on a 5.2.1R with a private kernel that incorporates some of my
IPSEC related patches from HEAD (not all) and it also works.

What I had to do was "excluding IKE traffic" by doing something like
this (router side config):

    spdadd ROUTER[500] NOTEBOOK[500] udp -P out none ;
    spdadd NOTEBOOK[500] ROUTER[500] udp -P in none ;

This for sure is not the most nifty way to do it but it works.

--
Greetings
Bjoern A. Zeeb                          bzeeb at Zabbadoz dot NeT
56 69 73 69 74                          http://www.zabbadoz.net/
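
Added example, not part of the original message: a small Python check over setkey(8) `spdadd` lines that flags IPsec policies which also match UDP port 500 (IKE) when no matching `none` exclusion like the two lines above exists for that direction. The addresses, the `esp/transport//require` policy and all function names are constructed assumptions, not the poster's configuration.

```python
import re

# Matches: spdadd SRC[PORT] DST[PORT] UPPERSPEC -P DIRECTION ACTION ...
SPD_RE = re.compile(
    r"^\s*spdadd\s+(\S+?)(?:\[(\w+)\])?\s+(\S+?)(?:\[(\w+)\])?\s+(\S+)"
    r"\s+-P\s+(in|out)\s+(none|discard|ipsec)\b"
)
KEYS = ("src", "sport", "dst", "dport", "proto", "dir", "action")

# Constructed sample (router side): 192.0.2.1 = router, 192.0.2.2 = notebook.
# The inbound IKE exclusion is deliberately left out.
SAMPLE = """
spdadd 192.0.2.1[500] 192.0.2.2[500] udp -P out none ;
spdadd 192.0.2.1 192.0.2.2 any -P out ipsec esp/transport//require ;
spdadd 192.0.2.2 192.0.2.1 any -P in ipsec esp/transport//require ;
"""

def parse_spd(text):
    """Return one dict per spdadd line; '#' comments are ignored."""
    entries = []
    for line in text.splitlines():
        m = SPD_RE.match(line.split("#", 1)[0])
        if m:
            entries.append(dict(zip(KEYS, m.groups())))
    return entries

def covers_ike(e):
    """True if the selector also matches UDP port 500 on both ends."""
    return (e["proto"] in ("any", "udp", "17")
            and e["sport"] in (None, "any", "500")
            and e["dport"] in (None, "any", "500"))

def missing_ike_bypass(text):
    """(src, dst, dir) of ipsec policies that catch IKE with no 'none' rule."""
    entries = parse_spd(text)
    bypass = {(e["src"], e["dst"], e["dir"]) for e in entries
              if e["action"] == "none" and e["proto"] in ("udp", "17")
              and e["sport"] == "500" and e["dport"] == "500"}
    return [(e["src"], e["dst"], e["dir"]) for e in entries
            if e["action"] == "ipsec" and covers_ike(e)
            and (e["src"], e["dst"], e["dir"]) not in bypass]

if __name__ == "__main__":
    for src, dst, direction in missing_ike_bypass(SAMPLE):
        print(f"no IKE exclusion for {src} -> {dst} ({direction})")
```

The check compares host strings literally, so a policy written with a prefix (for example a /24) is not matched against a per-host exclusion.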