On 19/02/2014 2:31 AM, Clemens Schrimpe wrote: > On 18.02.2014, at 16:12, Francois ten Krooden <f...@nanoteq.com> wrote: > >> I will have a look on my test setup with FreeBSD to see if I can get the >> same error. > Thank you. Watch for messages re: PF_ROUTE failed, like these: > > 21[KNL] adding PF_ROUTE route failed: Invalid argument > 21[KNL] installing route failed: 192.68.1.1/32 via (null) src %any dev vtnet1 > > >> As far as I know there wasn’t any changes that would cause this issue. > My suspicion is, that the PF_ROUTE interfaces vary between Linux, OpenBSD and > FreeBSD - and nobody really "ported" the code. Again: This is just a rough > suspicion - I need to familiarize myself with the respective interfaces > within Linux / OpenBSD. > > >> Just a question, did you recompile the standard FreeBSD kernel to include >> the support for IPsec, since the default kernel does not include the IPsec >> support. > Of course. And Raccoon works fine - it just sucks in so many other ways, that > I'd rather use Strongswan :-) > > Thanks - > > Clemens >
Clemens, I only use FreeBSD 9.2Stable and Strongswan 5.1.1 performs nicely. After setting knl=4 in charon debug, I received this: # grep -i route /var/log/auth.log |tail -n1 Feb 20 06:17:24 admin2 charon: 11[KNL] installing route: 10.130.30.17/32 via 172.16.200.6 src 10.16.200.47 dev vga1 which seems to be what you're after. So the issue doesn't appear to reside with strongswan? FYI: Downloaded and build on: FreeBSD 9.2-STABLE #0: Sun Jan 19 19:07:34 EST 2014 There are two tricks with using enc0 - firstly it must be enabled (ifconfig enc0 up) and there are some tricks to getting it to reveal exactly what you're after, the "man 4 enc" is quite helpful. Regards, Dewayne. _______________________________________________ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
