Date:      Sat, 05 Jun 2004 06:29:05 -0700
From:      Jonathan Feally <vulture@netvulture.com>
To:        Victor Gregorio <victor@opsource.net>
Cc:        freebsd-net@freebsd.org
Subject:   Re: IPSEC_ESP and  if_tun failed
Message-ID:  <40C1CAA1.5080000@netvulture.com>
In-Reply-To: <1086420241.652.41.camel@localhost>
References:  <1086420241.652.41.camel@localhost>

Your problem lies in that vpnc is opening a raw socket to get its ESP 
packets. However, when you enable ESP in the kernel, the kernel is already 
taking those packets, so you get the SOCK_RAW error as vpnc cannot 
get ESP packets because the kernel is handling them.
I do not know if options FAST_IPSEC will solve your problem.

Victor Gregorio wrote:

>Hello.  I originally posted this to freebsd-questions. I then learned
>about this list and thought my topic was appropriate. 
>
>I am running into a problem with using vpnc and isakmpd on the same
>system (not at the same time) on a FreeBSD 5.2.1-RELEASE-p8 system.
>
>With IPSEC enabled in the kernel, vpnc worked fine.  Then, I had to
>include IPSEC_ESP so that isakmpd would work.  Now, vpnc is broken.
>
>I compiled in IPSEC_DEBUG and did a $ sudo sysctl debug.if_tun_debug=1
>to get some verbose logging. This is what happens...
>
>- I start vpnc as root
>- The client connects
>- vpnc authenticates properly
>- IP address is assigned to tun0
>- The IPSec connection breaks
>- vpnc errors out with: socket(SOCK_RAW): Protocol not supported
>- ifconfig still shows the device tun0 with the assigned IP
>
>/var/log/messages shows this:
>kernel: tun0: open
>kernel: module_register: module if_tun already exists!
>kernel: Module if_tun failed to register: 17
>kernel: can't re-use a leaf (if_tun_debug)!
>kernel: tun0: mtu set
>kernel: tun0: tuninit
>kernel: tun0: address set, error=0
>kernel: tun0: tunoutput
>kernel: tun0: tunoutput
>kernel: tun0: tuninit
>kernel: tun0: address set, error=0
>kernel: tun0: closed
>kernel: tun0: tunoutput
>kernel: tun0: not ready 032
>kernel: tun0: tunoutput
>kernel: tun0: not ready 032
>
>I have been trying to turn off ESP support using sysctl.  OpenBSD has an
>OID called net.inet.esp.enable.  This OID is not listed in sysctl -a.  
>
>Any advice is appreciated.
>
>-Victor
>
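
A small diagnostic for the condition discussed in this message, added here as an example and not part of the original e-mail or of vpnc: it opens the kind of raw socket a userspace IPsec client needs for ESP, with AH and ICMP as controls, and classifies the resulting errno. The enum and function names are hypothetical, and it assumes it is run as root.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical names; a constructed diagnostic, not code from vpnc. */
enum probe_result { RAW_OK, RAW_NOT_SUPPORTED, RAW_NO_PRIVILEGE, RAW_OTHER_ERROR };

/* Map the errno left by socket(AF_INET, SOCK_RAW, proto) to a diagnosis. */
enum probe_result classify_raw_errno(int err)
{
    switch (err) {
    case 0:               return RAW_OK;
    case EPROTONOSUPPORT: return RAW_NOT_SUPPORTED; /* "Protocol not supported" */
    case EPERM: case EACCES: return RAW_NO_PRIVILEGE; /* raw sockets need root */
    default:              return RAW_OTHER_ERROR;
    }
}

/* Open and immediately close a raw socket for one IP protocol number. */
enum probe_result probe_raw_proto(int proto, int *err_out)
{
    int fd = socket(AF_INET, SOCK_RAW, proto);
    int err = (fd < 0) ? errno : 0;
    if (fd >= 0)
        close(fd);
    if (err_out != NULL) *err_out = err;
    return classify_raw_errno(err);
}

int main(void)
{
    /* ICMP is a control: if it opens but ESP does not, the refusal is ESP-specific. */
    const struct { const char *name; int proto; } protos[] = {
        { "ESP", IPPROTO_ESP }, { "AH", IPPROTO_AH }, { "ICMP", IPPROTO_ICMP },
    };
    int esp_usable = 0;
    for (size_t i = 0; i < sizeof(protos) / sizeof(protos[0]); i++) {
        int err = 0;
        enum probe_result r = probe_raw_proto(protos[i].proto, &err);
        printf("%-4s (proto %3d): %s\n", protos[i].name, protos[i].proto,
               r == RAW_OK ? "raw socket available" : strerror(err));
        if (protos[i].proto == IPPROTO_ESP && r == RAW_OK)
            esp_usable = 1;
    }
    return esp_usable ? 0 : 1; /* non-zero exit: userland cannot get a raw ESP socket */
}
```

Running it before and after a kernel configuration change shows whether the raw ESP socket is still obtainable from userland, without starting a VPN session.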


