Date: Mon, 28 Aug 2006 00:20:51 +0200 From: =?ISO-8859-1?Q?Erik_N=F8rgaard?= <norgaard@locolomo.org> To: Jim Stapleton <stapleton.41@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: IPSEC, am I missing something? Message-ID: <44F21AC3.2080908@locolomo.org> In-Reply-To: <80f4f2b20608271358l32b84ed6m5c6e5819d38c5c01@mail.gmail.com> References: <80f4f2b20608271358l32b84ed6m5c6e5819d38c5c01@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a cryptographically signed message in MIME format. --------------ms060208030101080405030103 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Jim Stapleton wrote: > What I found and added: > #ipsec: Required for VPN > options IPSEC #IP security > options IPSEC_ESP #IP security (crypto; define w/ IPSEC) > #ipsec optimsations > options FAST_IPSEC # new IPsec (cannot define w/ IPSEC) > options IPSEC_FILTERGIF #filter ipsec packets from a tunnel > > before adding these, I just had the default 6.1 generic kernel file > with a few things commented and a couple uncommented. Just start with the first two options, then add the others if needed. But before you start, check if this actually solves the problem. There is a well known problem with IPSec across NAT-firewalls: Authenticated Headers don't work. Not all kernel options are in the GENERIC file, look for the NOTES file, platform specific NOTES are where you find the GENERIC for your platform, but there is also a general NOTES. Cheers, Erik -- Ph: +34.666334818 web: http://www.locolomo.org X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9 --------------ms060208030101080405030103 Content-Type: application/x-pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIL5jCC Be8wggPXoAMCAQICCQCNA1Uf/OBPDDANBgkqhkiG9w0BAQUFADCBmTELMAkGA1UEBhMCRVMx GDAWBgNVBAoTD0RhZW1vbiBTZWN1cml0eTEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0aG9y aXR5MR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxJDAiBgkqhkiG9w0BCQEWFWNh QGRhZW1vbnNlY3VyaXR5LmNvbTEKMAgGA1UEBRMBMDAeFw0wNjA0MjAxMzE2NTBaFw0wNzA0 MjAxMzE2NTBaMGIxCzAJBgNVBAYTAkVTMRUwEwYDVQQKEwxMb2NvTG9tby5PcmcxFjAUBgNV BAMTDUVyaWsgTm9yZ2FhcmQxJDAiBgkqhkiG9w0BCQEWFW5vcmdhYXJkQGxvY29sb21vLm9y ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMPmPk5QnkyvR4ZNS/jYCYEk6/x/ mqSIqM7XXmikYX4AmbS4AbgJg7tY150ti87oYIjH4pnt1ReYWV4P2lDE2w0Db73Fk3TGpYcq XNUu4uRl8eoMX6Mh5I34tzJc+ZJqXW0pQtzP7JDgPvLddh0roY/ongaqpnrA6dDh0QfEC+ky z1abx9xmp776RPfRnbzjUht9VGPohiZFLyNfLgw5x4Q5/efDtx3tKDMJP67UnVd1tbclKbOs +HaqxYXNr1TJ9HIpRpfb4IhBFCvBDiiHUjbGtpi2EXeHuwoQ8cp7mjl6j1BfGaoFHvqzA1GD +156qJ9waxEvx/0XGudqWJeFTVkCAwEAAaOCAW4wggFqMA8GA1UdEwEB/wQFMAMCAQAwCwYD VR0PBAQDAgO4MB0GA1UdDgQWBBRpebgs44/nvl3Dw7F0Yrg/nx9puTCBzgYDVR0jBIHGMIHD gBSOYakm6rz5V4h0qO3QlbBuYT3ipaGBn6SBnDCBmTELMAkGA1UEBhMCRVMxGDAWBgNVBAoT D0RhZW1vbiBTZWN1cml0eTEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR4wHAYD VQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxJDAiBgkqhkiG9w0BCQEWFWNhQGRhZW1vbnNl Y3VyaXR5LmNvbTEKMAgGA1UEBRMBMIIJAI0DVR/84E8BMCAGA1UdEQQZMBeBFW5vcmdhYXJk QGxvY29sb21vLm9yZzA4BgNVHR8EMTAvMC2gK6AphidodHRwOi8vd3d3LmRhZW1vbnNlY3Vy aXR5LmNvbS9jYS9kcy5jcmwwDQYJKoZIhvcNAQEFBQADggIBAMefA0DXBeUmPG353ldj4jQP TKusU49AGPtH0gI0W7gnc8L6NQb7/lzpF1xW3fVOXmDBSQrSzdsmPoUiQBOv8/GTPiJbktbr eHGPDDi7xTmNgGCh/gv9EECEc0casKs778FMhJxQDIKUrBpdxpxUVHxzR9m2MgCaiOPi0oru o5ZjdNh4PyfSrYkkMJmp9w7ouulyf7wSOwwyIxZixWHVIo0lJBZCFQqIcCXzmnLUhlUKqMGb 0sOsPh7GITecrfGAM8iBpLuRjGe3yDa8Xx2riflJLjKxqcSg0OIhibS3xkGTgoJhtAJBB21G CkcnHmLXmnXYZvfE/D4twmSGo3j4D79xFA5xMJU5IwNYT+agU2srRq11eZvtVK3p2sF2rgSK 99cbCHL0K3AhhiF9z+1uLjZO8UgnvB81rQG+Kzn/nvZgQ1bvxKnrtzs3UuKPyAXflNVSiMwO vUv04tBJcIGrdiav64BTQFBgguY7JWWkrsaTeEMUHXW6aUyGCfngQ2LR6McfDeZZLM0BKXiv pjozutGTR76khWqSsttSZQoGoNbMRcHodFCZ2RHSsM1rPKINY1w7vTnr8oEVD3D+pY1UrM/o vDkvS8ypr+gg66pMC0gXl7cReoFNiE118sHKlAEGKNlka3Pga2r+AL6KrjwCZHMwOFDheFoN k9rxTruKV0O0MIIF7zCCA9egAwIBAgIJAI0DVR/84E8MMA0GCSqGSIb3DQEBBQUAMIGZMQsw CQYDVQQGEwJFUzEYMBYGA1UEChMPRGFlbW9uIFNlY3VyaXR5MR4wHAYDVQQLExVDZXJ0aWZp Y2F0ZSBBdXRob3JpdHkxHjAcBgNVBAMTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEkMCIGCSqG SIb3DQEJARYVY2FAZGFlbW9uc2VjdXJpdHkuY29tMQowCAYDVQQFEwEwMB4XDTA2MDQyMDEz MTY1MFoXDTA3MDQyMDEzMTY1MFowYjELMAkGA1UEBhMCRVMxFTATBgNVBAoTDExvY29Mb21v Lk9yZzEWMBQGA1UEAxMNRXJpayBOb3JnYWFyZDEkMCIGCSqGSIb3DQEJARYVbm9yZ2FhcmRA bG9jb2xvbW8ub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+Y+TlCeTK9H hk1L+NgJgSTr/H+apIioztdeaKRhfgCZtLgBuAmDu1jXnS2LzuhgiMfime3VF5hZXg/aUMTb DQNvvcWTdMalhypc1S7i5GXx6gxfoyHkjfi3Mlz5kmpdbSlC3M/skOA+8t12HSuhj+ieBqqm esDp0OHRB8QL6TLPVpvH3GanvvpE99GdvONSG31UY+iGJkUvI18uDDnHhDn958O3He0oMwk/ rtSdV3W1tyUps6z4dqrFhc2vVMn0cilGl9vgiEEUK8EOKIdSNsa2mLYRd4e7ChDxynuaOXqP UF8ZqgUe+rMDUYP7Xnqon3BrES/H/Rca52pYl4VNWQIDAQABo4IBbjCCAWowDwYDVR0TAQH/ BAUwAwIBADALBgNVHQ8EBAMCA7gwHQYDVR0OBBYEFGl5uCzjj+e+XcPDsXRiuD+fH2m5MIHO BgNVHSMEgcYwgcOAFI5hqSbqvPlXiHSo7dCVsG5hPeKloYGfpIGcMIGZMQswCQYDVQQGEwJF UzEYMBYGA1UEChMPRGFlbW9uIFNlY3VyaXR5MR4wHAYDVQQLExVDZXJ0aWZpY2F0ZSBBdXRo b3JpdHkxHjAcBgNVBAMTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEkMCIGCSqGSIb3DQEJARYV Y2FAZGFlbW9uc2VjdXJpdHkuY29tMQowCAYDVQQFEwEwggkAjQNVH/zgTwEwIAYDVR0RBBkw F4EVbm9yZ2FhcmRAbG9jb2xvbW8ub3JnMDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly93d3cu ZGFlbW9uc2VjdXJpdHkuY29tL2NhL2RzLmNybDANBgkqhkiG9w0BAQUFAAOCAgEAx58DQNcF 5SY8bfneV2PiNA9Mq6xTj0AY+0fSAjRbuCdzwvo1Bvv+XOkXXFbd9U5eYMFJCtLN2yY+hSJA E6/z8ZM+IluS1ut4cY8MOLvFOY2AYKH+C/0QQIRzRxqwqzvvwUyEnFAMgpSsGl3GnFRUfHNH 2bYyAJqI4+LSiu6jlmN02Hg/J9KtiSQwman3Dui66XJ/vBI7DDIjFmLFYdUijSUkFkIVCohw JfOactSGVQqowZvSw6w+HsYhN5yt8YAzyIGku5GMZ7fINrxfHauJ+UkuMrGpxKDQ4iGJtLfG QZOCgmG0AkEHbUYKRyceYteaddhm98T8Pi3CZIajePgPv3EUDnEwlTkjA1hP5qBTaytGrXV5 m+1UrenawXauBIr31xsIcvQrcCGGIX3P7W4uNk7xSCe8HzWtAb4rOf+e9mBDVu/Eqeu3OzdS 4o/IBd+U1VKIzA69S/Ti0Elwgat2Jq/rgFNAUGCC5jslZaSuxpN4QxQddbppTIYJ+eBDYtHo xx8N5lkszQEpeK+mOjO60ZNHvqSFapKy21JlCgag1sxFweh0UJnZEdKwzWs8og1jXDu9Oevy gRUPcP6ljVSsz+i8OS9LzKmv6CDrqkwLSBeXtxF6gU2ITXXywcqUAQYo2WRrc+Brav4Avoqu PAJkczA4UOF4Wg2T2vFOu4pXQ7QxggP8MIID+AIBATCBpzCBmTELMAkGA1UEBhMCRVMxGDAW BgNVBAoTD0RhZW1vbiBTZWN1cml0eTEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5 MR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxJDAiBgkqhkiG9w0BCQEWFWNhQGRh ZW1vbnNlY3VyaXR5LmNvbTEKMAgGA1UEBRMBMAIJAI0DVR/84E8MMAkGBSsOAwIaBQCgggIp MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA2MDgyNzIyMjA1 MVowIwYJKoZIhvcNAQkEMRYEFGB1M6GGcs0w1VE/oAS/EytI8BRUMFIGCSqGSIb3DQEJDzFF MEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIH MA0GCCqGSIb3DQMCAgEoMIG4BgkrBgEEAYI3EAQxgaowgacwgZkxCzAJBgNVBAYTAkVTMRgw FgYDVQQKEw9EYWVtb24gU2VjdXJpdHkxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0 eTEeMBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSQwIgYJKoZIhvcNAQkBFhVjYUBk YWVtb25zZWN1cml0eS5jb20xCjAIBgNVBAUTATACCQCNA1Uf/OBPDDCBugYLKoZIhvcNAQkQ AgsxgaqggacwgZkxCzAJBgNVBAYTAkVTMRgwFgYDVQQKEw9EYWVtb24gU2VjdXJpdHkxHjAc BgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEeMBwGA1UEAxMVQ2VydGlmaWNhdGUgQXV0 aG9yaXR5MSQwIgYJKoZIhvcNAQkBFhVjYUBkYWVtb25zZWN1cml0eS5jb20xCjAIBgNVBAUT ATACCQCNA1Uf/OBPDDANBgkqhkiG9w0BAQEFAASCAQAH+P8B+W4teyrxbl0E9YgmXiOljIqL dPC2GUmcWCkruVVpo4QScC4KkI0NwVC1juPxm6J6O8EjQCiVajPKhJ50oyKgA/ja6VbEn1re lZDkgosDNg/Mec/fn/CatNwtCiMdETxPhiXfacl5WQA8D2O+xZMDtd/R4cVC4G5SxHWjfVVH 4dLyTyG62Rl0vq0af7etBWYED1SrV8iTyTM6FR7lRXhUHBd3Ci9S1AhF1n2w6YCMDh2UNzNy QDWiDJLGeIiYeh/tT5oFUGhwcfzpEUNsxcevUSO8HQ/EmR46MUQUS2lducH9wMZB20Z1BROv gRqEcAEQoErJKThXYy+JCDCRAAAAAAAA --------------ms060208030101080405030103--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44F21AC3.2080908>