I do not know if options FAST_IPSEC will solve your problem.
Victor Gregorio wrote:
Hello. I originally posted this to freebsd-questions. I then learned
about this list and thought my topic was appropriate.
I am running into a problem with using vpnc and isakmpd on the same system (not at the same time) on a FreeBSD 5.2.1-RELEASE-p8 system.
With IPSEC enabled in the kernel, vpnc worked fine. Then, I had to include IPSEC_ESP so that isakmpd would work. Now, vpnc is broken.
I compiled in IPSEC_DEBUG and did a $ sudo sysctl debug.if_tun_debug=1 to get some verbose logging. This is what happens...
- I start vpnc as root
- The client connects
- vpnc authenticates properly
- IP address is assigned to tun0
- The IPSec connection breaks
- vpnc errors out with: socket(SOCK_RAW): Protocol not supported
- ifconfig still shows the device tun0 with the assigned IP
/var/log/messages shows this:
kernel: tun0: open
kernel: module_register: module if_tun already exists!
kernel: Module if_tun failed to register: 17
kernel: can't re-use a leaf (if_tun_debug)!
kernel: tun0: mtu set
kernel: tun0: tuninit
kernel: tun0: address set, error=0
kernel: tun0: tunoutput
kernel: tun0: tunoutput
kernel: tun0: tuninit
kernel: tun0: address set, error=0
kernel: tun0: closed
kernel: tun0: tunoutput
kernel: tun0: not ready 032
kernel: tun0: tunoutput
kernel: tun0: not ready 032
I have been trying to turn off ESP support using sysctl. OpenBSD has an
OID called net.inet.esp.enable. This OID is not listed in sysctl -a.
Any advice is appreciated.
-Victor
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"