Date: Sun, 8 Aug 2004 15:56:23 +0200
From: Alexander Leidinger
To: Hannes Mehnert
cc: freebsd-current@freebsd.org
cc: Jamper
Subject: Re: IPSec + 5.2.current Problem
Message-Id: <20040808155623.2fa6fb4b@Magellan.Leidinger.net>
In-Reply-To: <20040808132524.GB1033@mehnert.org>
References: <200408080622.i786Mnhe017474@www1.pochta.ru> <20040808132524.GB1033@mehnert.org>
List-Id: Discussions about the use of FreeBSD-current

On Sun, 8 Aug 2004 15:25:24 +0200
Hannes Mehnert wrote:

> > My trying with FAST_IPSEC, disable gif, manual route configuration, rtfm goes to
> > nothing.
>
> When I set 'options MSIZE=512' in the kernel config, IPSec works for
> me.
> Without this option I get 'ERROR: pfkey.c:1076:pk_sendupdate():
> libipsec failed send update (No buffer space available)' from racoon.

I don't have a problem with racoon (because I use MSIZE too), but I have
a problem with the actual data transfer over the encrypted tunnel, see
Message-Id: <20040805223027.7df0732b@Magellan.Leidinger.net>. If I use
FAST_IPSEC instead of IPSEC, everything works.

So you're able to transfer data over the tunnel with IPSEC?

It's a simple configuration, I've configured a gif tunnel between the
FreeBSD box and a hardware appliance (I've only access to the FreeBSD
system), added some SPD entries with setkey, configured racoon with a
pre-shared key and added a static route. With 4.10 this worked without
problems. After replacing the 4.10 box with a 5-current one, I had to
switch to FAST_IPSEC to get it working.

Bye,
Alexander.

-- 
I'm available to get hired (preferred in .lu).
http://www.Leidinger.net  Alexander @ Leidinger.net
GPG fingerprint = C518 BC70 E67F 143F BE91 3365 79E2 9C60 B006 3FE7