Re: FreeBSD 5.3 IPSec

From: Bjoern A. Zeeb <bzeeb-lists_at_lists.zabbadoz.net>
Date: Mon, 4 Oct 2004 16:20:42 +0000 (UTC)
On Mon, 4 Oct 2004, Sergey Smitienko wrote:

Hi,

> I'm having problem with an IPSec connection between two test hosts running
> 5.3-BETA3 using isakmpd.
> Both kernels are GENERIC with IPSEC/IPSEC_ESP options additions. As far as I
> understand from
> the isakmpd debug output it does negotiate a connection and then fails to
> setup kernel to use encryption
> between this two hosts.

looks like the same problem a lot of racoon users had seen. It should
go away if you update to BETA7 or apply following patch:
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netkey/key.c.diff?r1=1.65.2.1&r2=1.65.2.2

If updating or patching is not an option you need to at least compile
a new kernel. The workaround was to compile the kernel with MSIZE=512 I
think. You should be able to find it in the archives of last month
from current_at_.

-- 
Greetings
Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT
Received on Mon Oct 04 2004 - 14:25:12 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:15 UTC