Date: Tue, 30 Mar 2004 12:33:08 +0000 (UTC) From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> To: =?ISO-8859-1?Q?Cyrill_R=FCttimann?= <ruettimac@mac.com> Cc: freebsd-net@freebsd.org Subject: Re: IPSec troubles Message-ID: <Pine.BSF.4.53.0403301225030.714@e0-0.zab2.int.zabbadoz.net> In-Reply-To: <87BC9FE1-8241-11D8-9782-00039303AB38@mac.com> References: <257C203C-8104-11D8-9902-00039303AB38@mac.com> <Pine.BSF.4.53.0403301115370.714@e0-0.zab2.int.zabbadoz.net> <87BC9FE1-8241-11D8-9782-00039303AB38@mac.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 30 Mar 2004, Cyrill R=FCttimann wrote: Hi, > > If this is the remaining problem apart from the yet known (where KAME > > people cannot find the time to review at the moment) I may look into > > this; have setup my wireless connection on a 5.2.1 notebook (being > > updated to HEAD soon) to use IPSec lately so I have a 'testbed' now. > > Please can you report if IPSec is working with current or the latest > stable? > > With 5.2.1, you are lost completely. IPSec with kernel options do not > work and if you enable FAST_IPSEC (which should work), you end up not > able to compile the kernel. There was a patch mentioned to solve this, > but for me it did not work. I have been able to use IPSEC (do not know about FAST_IPSEC) with 5.2.1R miniinst installation on following setup: notebook(wi0) <---> AP(bridge) <----> (fxp2)router I am now on a 5.2.1R with a private kernel incooperated some of my IPSEC related patches from HEAD (not all) and it also works. What I had to do had been "excluding IKE traffic" by doing s.th. like this (router side config): spdadd ROUTER[500] NOTEBOOK[500] udp -P out none ; spdadd NOTEBOOK[500] ROUTER[500] udp -P in none ; This for sure is not the most nifty way to do but it works. --=20 Greetings Bjoern A. Zeeb=09=09=09=09bzeeb at Zabbadoz dot NeT 56 69 73 69 74=09=09=09=09http://www.zabbadoz.net/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.53.0403301225030.714>