And since we're on this subject... is it possible to do IPSEC over UDP tunnels in FreeBSD now? I have a couple of networks with dumb NAT and need a way to tunnel out of them in a reliable manner.
Baldur On Sat, Nov 24, 2007 at 04:08:54PM +0100, VANHULLEBUS Yvan wrote: > Hi. > > > On Sat, Nov 24, 2007 at 03:11:05PM +0100, Giulio Ferro wrote: > > I've noticed that in the kernel configuration IPSEC_ESP disappeared > > from the options. It says that you just need device crypto and IPSEC. > > > > Does this mean that with crypto and IPSEC I have all I need to treat > > ESP like the old IPSEC_ESP option? > > > > IPSEC_ESP was a needed option for KAME's IPSec implementation, which > is no longer in FreeBSD's kernel. > > IPSEC now enables FAST_IPSEC stack, which just needs IPSEC and device > crypto. > > > > I'm having some problems right now setting up a vpn to complete phase 2, > > (the error is no proposal chosen). > > Since ipsec-tools uses the facilities in the kernel, I want to make sure > > that the > > kernel provides everything racoon needs... > > That really sounds like a configuration issue (racoon.conf, or perhaps > your SPD entries), racoon's debug on responder should give you more > informations on the problem. > > > > Yvan. > > -- > NETASQ > http://www.netasq.com > _______________________________________________ > [email protected] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
