> On 5/2/2019 4:16 PM, KOT MATPOCKuH wrote:
> > 0. The ipsec-tools port currently does not have a maintainer (C) portmaster
> > ... Is this solution really supported? Or should I switch to using
> > another IKE daemon?

I've just started using IPSEC between a 12.0-RELEASE box, a 11.2-RELEASE-p9 box and a Cisco IOS router. I haven't seen any core dumps or crashes.

I run routing between these devices (using RIPv2 rather than OSPF) - in order to do this you need to create tunnels between the devices because encrypting routing protocols and things that use multicast is tricky. I felt that the handbook example was lacking - it should have been encrypting the tunnel endpoints and NOT the LAN traffic on either side of the tunnel.

Anyway, I built IPENCAP (aka IPinIP) tunnels using gif interfaces and configured racoon/ipsec-tools to build the SA/SADs using the tunnel endpoints and IP protocol 4 (IPENCAP).

Step 1 was to confirm I could PING over the gif tunnel without crypto. Then I fired up racoon (setkey to create the SA and racoon for IPSEC).

If you want the configs let me know.

Scott

_______________________________________________
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
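
The policy layout described in the message above, sketched as an added example (not part of the original post and not Scott's configuration): a small generator that emits setkey(8) SPD entries matching only the IPENCAP (protocol 4) packets between the two gif tunnel endpoints, so LAN prefixes never appear in a policy. The function names `is_ipv4` and `gen_spd`, the documentation addresses, and the choice of ESP in transport mode are assumptions.

```shell
#!/bin/sh
# Added example: emit setkey(8) policies that protect only the IPENCAP
# (IP protocol 4) packets exchanged between two gif tunnel endpoints.
# All addresses used here are constructed documentation addresses.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
# Prefixes such as 10.0.0.0/24 are rejected, so a LAN can't slip in.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_spd LOCAL REMOTE: print the SPD entries for the LOCAL side.
# LOCAL and REMOTE are the outer (physical) addresses of the gif tunnel.
gen_spd() {
    local_ep=$1
    remote_ep=$2
    is_ipv4 "$local_ep" && is_ipv4 "$remote_ep" || {
        echo "gen_spd: endpoints must be single IPv4 addresses" >&2; return 2; }
    [ "$local_ep" != "$remote_ep" ] || {
        echo "gen_spd: endpoints must differ" >&2; return 2; }
    cat <<EOF
flush;
spdflush;
# Outer gif packets only: /32 endpoints, upper-layer protocol ipencap (4).
# Assumption: ESP in transport mode, SAs negotiated by the IKE daemon.
spdadd $local_ep/32 $remote_ep/32 ipencap -P out ipsec esp/transport//require;
spdadd $remote_ep/32 $local_ep/32 ipencap -P in ipsec esp/transport//require;
EOF
}

# Sample run with constructed endpoints; swap the arguments on the peer.
gen_spd 192.0.2.1 198.51.100.1
```

Because the selectors are the two /32 endpoints and the upper-layer protocol is `ipencap`, everything routed into the gif interface (RIPv2 multicast included) is encrypted, while traffic that bypasses the tunnel matches no policy.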