Andrew Reilly wrote: > Hi there, > > I used ports/security/vpnc with some success some time ago, but > then stopped because I didn't need it. Since then I've > upgraded my -STABLE many times, and portupgrade has upgraded > vpnc at least once, and now it doesn't seem to work anymore. > I've been poking it quite vigerously, this afternoon, without > much success: I can start it from the command line, with > debugging turned on and no-disconnect from the control terminal, > and can see from the debug trace that connection, authentication and > network route setup all seem perfect. Just no packets ever seem > to get through the tun0 link. > I'm running -CURRENT so the situation isnt identical but vpnc works fine here. this is though NAT with vpnc-0.4.0_1
[EMAIL PROTECTED] add host 80.169.168.42: gateway 192.168.10.2 add net 10.49.11.0: gateway 10.100.223.50 add net 10.44.19.0: gateway 10.100.223.50 VPNC started in background (pid: 24376)... [~](14:19:30) [EMAIL PROTECTED] -su: !ftp: event not found [~](14:19:32) [EMAIL PROTECTED] 10.49.11.252 Connected to 10.49.11.252. 220 Access to this system is restricted to authorised users only. If you are not authorised please disconnect now. All transfers are logged. Name (10.49.11.252:jhary): ^C [~](14:20:07) [EMAIL PROTECTED] Terminating vpnc daemon (pid: 24376) > Now, I remember from long ago that vpnc does not like IPSec in > the kernel, because (from memory) the kernel gets to the esp > packets before vpnc (which handles them in user-space), and the > wrong thing happens. The difference, now, seems to be that > there is no longer a config option to disable IPSEC. Or is > there? > > Is there any way to disable kernel IPSEC in 6-STABLE? > Its not enabled in GENERIC, so you wont have IPSEC Unless you have built a custom kernel. Cant offer much beyond that though I'm afraid. Has it setup the routing correctly? sorry i cant help more, Vince > There doesn't seem to be anything in kldstat to indicate that > any ipsec foo has been dynamically loaded. Indeed, there > doesn't seem to be anything in sysctl -a relating to ipsec > either: does that mean that it somehow *is* disabled? > > Any other thoughts on how to improve my situation? > > Cheers, > _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
