On Sun, Dec 17, 2006 at 02:16:48PM +0100, viq wrote:
> Yes, again... I am trying to set up VPN using IPSec, right now very
> basic setup, and it doesn't work as expected.
> Hosts being involved are keibi that acts as server, and trying to
> connect to it laptop sentan.
There's an error in ipsecctl in -current which breaks ipsecctl unless you are
loading your rules with the verbose flag (i.e. ipsecctl -vf ipsec.conf).
I found it today and am just waiting for an okay to commit the fix;
could you try out this diff in the meantime?
Index: ike.c
===================================================================
RCS file: /cvs/src/sbin/ipsecctl/ike.c,v
retrieving revision 1.58
diff -u -p -u -p -r1.58 ike.c
--- ike.c 30 Nov 2006 21:35:34 -0000 1.58
+++ ike.c 17 Dec 2006 05:33:02 -0000
@@ -578,6 +578,7 @@ ike_connect(struct ipsec_rule *r, FILE *
static int
ike_gen_config(struct ipsec_rule *r, FILE *fd)
{
+ ike_setup_ids(r);
ike_section_general(r, fd);
ike_section_peer(r, fd);
if (ike_section_p1(r, fd) == -1) {
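Review bot: The `ike_setup_ids(r);` call added at the top of ike_gen_config has no comment saying why it must run before the ike_section_* calls, and the same goes for the call added to ike_delete_config in the next hunk. The last hunk removes the call from ike_print_config, which by the message is presumably the only path that reached it (the verbose one), so this ordering is the whole fix. A one-line comment such as `/* ids must be set up before any section is written; not every caller comes through ike_print_config() */` would stop the call from being hoisted back out later. If ike_setup_ids allocates into the rule, which is not visible here, it is also worth confirming that no path reaches it twice for the same rule. ike_gen_config's body continues outside the hunk.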
@@ -598,6 +599,7 @@ ike_gen_config(struct ipsec_rule *r, FIL
static int
ike_delete_config(struct ipsec_rule *r, FILE *fd)
{
+ ike_setup_ids(r);
#if 0
switch (r->ikemode) {
case IKE_ACTIVE:
@@ -683,7 +685,6 @@ ike_setup_ids(struct ipsec_rule *r)
int
ike_print_config(struct ipsec_rule *r, int opts)
{
- ike_setup_ids(r);
if (opts & IPSECCTL_OPT_DELETE)
return (ike_delete_config(r, stdout));
else
--
Mathieu Sauve-Frankel