Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 30 Mar 2004 12:33:08 +0000 (UTC)
From:      "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To:        =?ISO-8859-1?Q?Cyrill_R=FCttimann?= <ruettimac@mac.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: IPSec troubles
Message-ID:  <Pine.BSF.4.53.0403301225030.714@e0-0.zab2.int.zabbadoz.net>
In-Reply-To: <87BC9FE1-8241-11D8-9782-00039303AB38@mac.com>
References:  <257C203C-8104-11D8-9902-00039303AB38@mac.com> <Pine.BSF.4.53.0403301115370.714@e0-0.zab2.int.zabbadoz.net> <87BC9FE1-8241-11D8-9782-00039303AB38@mac.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, 30 Mar 2004, Cyrill R=FCttimann wrote:

Hi,

> > If this is the remaining problem apart from the yet known (where KAME
> > people cannot find the time to review at the moment) I may look into
> > this; have setup my wireless connection on a 5.2.1 notebook (being
> > updated to HEAD soon) to use IPSec lately so I have a 'testbed' now.
>
> Please can you report if IPSec is working with current or the latest
> stable?
>
> With 5.2.1, you are lost completely. IPSec with kernel options  do not
> work and if you enable FAST_IPSEC (which should work), you end up not
> able to compile the kernel. There was a patch mentioned to solve this,
> but for me it did not work.

I have been able to use IPSEC (do not know about FAST_IPSEC) with
5.2.1R miniinst installation on following setup:

notebook(wi0) <---> AP(bridge) <----> (fxp2)router

I am now on a 5.2.1R with a private kernel incooperated some of my
IPSEC related patches from HEAD (not all) and it also works.

What I had to do had been "excluding IKE traffic" by doing s.th.
 like this (router side config):

spdadd  ROUTER[500] NOTEBOOK[500] udp
        -P out none ;

spdadd  NOTEBOOK[500] ROUTER[500] udp
        -P in none ;

This for sure is not the most nifty way to do but it works.

--=20
Greetings

Bjoern A. Zeeb=09=09=09=09bzeeb at Zabbadoz dot NeT
56 69 73 69 74=09=09=09=09http://www.zabbadoz.net/

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.53.0403301225030.714>