From: cpu memhd
To: freebsd-net@freebsd.org
Date: Thu, 2 Sep 2004 19:04:55 -0700 (PDT)
Subject: IPsec blues 5.2.1

I know about the broken IPSEC problem so I have compiled kernel with FAST_IPSEC. The man pages say:

"In general, the Fast IPsec implementation is intended to be compatible with the KAME IPsec implementation."

Then, when reading 14.10 VPN over IPsec docs...

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html

It mentions using racoon and modifying ${PREFIX}/etc/racoon/psk.txt. But this file does not exist. Do I still have to use racoon, how do I get this working?

Another problem is the handbook example shows rc.conf configuration as:

    gifconfig_gif0="A.B.C.D W.X.Y.Z"
    ifconfig_gif0="inet 192.168.1.1 192.168.2.1 netmask 0xffffffff"
    static_routes="vpn"
    route_vpn="192.168.2.0 192.168.2.1 netmask 0xffffff00"

But shouldn't the two gateways be on the same subnet (192.168.1.x)?

Also, I try to run setkey -D but I get an error "pfkey_open: Protocol not supported".

Thanks.