Your problem lies in that vpnc is opening a raw socket to get its ESP packets. However, when you enable ESP in the kernel, the kernel already is taking those packets, so you get the SOCK_RAW error as vpnc cannot get ESP packets because the kernel is handling them.
I do not know if options FAST_IPSEC will solve your problem.


Victor Gregorio wrote:

Hello. I originally posted this to freebsd-questions. I then learned
about this list and thought my topic was appropriate.


I am running into a problem with using vpnc and isakmpd on the same
system (not at the same time) on a FreeBSD 5.2.1-RELEASE-p8 system.

With IPSEC enabled in the kernel, vpnc worked fine.  Then, I had to
include IPSEC_ESP so that isakmpd would work.  Now, vpnc is broken.

I compiled in IPSEC_DEBUG and did a $ sudo sysctl debug.if_tun_debug=1
to get some verbose logging. This is what happens...

- I start vpnc as root
- The client connects
- vpnc authenticates properly
- IP address is assigned to tun0
- The IPSec connection breaks
- vpnc errors out with: socket(SOCK_RAW): Protocol not supported
- ifconfig still shows the device tun0 with the assigned IP

/var/log/messages shows this:
kernel: tun0: open
kernel: module_register: module if_tun already exists!
kernel: Module if_tun failed to register: 17
kernel: can't re-use a leaf (if_tun_debug)!
kernel: tun0: mtu set
kernel: tun0: tuninit
kernel: tun0: address set, error=0
kernel: tun0: tunoutput
kernel: tun0: tunoutput
kernel: tun0: tuninit
kernel: tun0: address set, error=0
kernel: tun0: closed
kernel: tun0: tunoutput
kernel: tun0: not ready 032
kernel: tun0: tunoutput
kernel: tun0: not ready 032

I have been trying to turn off ESP support using sysctl. OpenBSD has an
OID called net.inet.esp.enable. This OID is not listed in sysctl -a.


Any advice is appreciated.

-Victor


_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


