Date: Sun, 8 Aug 2004 15:56:23 +0200 From: Alexander Leidinger <Alexander@Leidinger.net> To: Hannes Mehnert <hannes@mehnert.org> Cc: Jamper <jamper@hotbox.ru> Subject: Re: IPSec + 5.2.current Problem Message-ID: <20040808155623.2fa6fb4b@Magellan.Leidinger.net> In-Reply-To: <20040808132524.GB1033@mehnert.org> References: <200408080622.i786Mnhe017474@www1.pochta.ru> <20040808132524.GB1033@mehnert.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 8 Aug 2004 15:25:24 +0200
Hannes Mehnert <hannes@mehnert.org> wrote:
> > My tring with FAST_IPSEC, disable gif, manual route configureation,rtfm goes to
> > nothing.
>
> When I set 'options MSIZE=512' in the kernel config, IPSec works for
> me.
> Without this option I get 'ERROR: pfkey.c:1076:pk_sendupdate():
> libipsec failed send update (No buffer space available)' from racoon.
I don't have a problem with racoon (because I use MSIZE too), but I have
a problem with the actual data transfer over the encrypted tunnel, see
Message-Id: <20040805223027.7df0732b@Magellan.Leidinger.net>. If I use
FAST_IPSEC instead of IPSEC, everything works.
So you're able to transfer data over the tunnel with IPSEC?
It's a simple configuration, I've configured a gif tunnel between the
FreeBSD box and a hardware appliance (I've only access to the FreeBSD
system), added some SPD entries with setkey, configured racoon with a
pre-shared key and added a static route. With 4.10 this worked without
problems. After replacing the 4.10 box with a 5-current one, I had to
switch to FAST_IPSEC to get it working.
Bye,
Alexander.
--
I'm available to get hired (preferred in .lu).
http://www.Leidinger.net Alexander @ Leidinger.net
GPG fingerprint = C518 BC70 E67F 143F BE91 3365 79E2 9C60 B006 3FE7
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040808155623.2fa6fb4b>