IPSEC, am I missing something?
Erik Nørgaard
norgaard at locolomo.org
Sun Aug 27 22:21:35 UTC 2006
Jim Stapleton wrote:
> What I found and added:
> #ipsec: Required for VPN
> options IPSEC #IP security
> options IPSEC_ESP #IP security (crypto; define w/ IPSEC)
> #ipsec optimsations
> options FAST_IPSEC # new IPsec (cannot define w/ IPSEC)
> options IPSEC_FILTERGIF #filter ipsec packets from a tunnel
>
> before adding these, I just had the default 6.1 generic kernel file
> with a few things commented and a couple uncommented.
Just start with the first two options, then add the others if needed.
But before you start, check if this actually solves the problem. There
is a well known problem with IPSec across NAT-firewalls: Authenticated
Headers don't work.
Not all kernel options are in the GENERIC file, look for the NOTES file,
platform specific NOTES are where you find the GENERIC for your
platform, but there is also a general NOTES.
Cheers, Erik
--
Ph: +34.666334818 web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4128 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20060827/937dbf7c/smime.bin
More information about the freebsd-questions
mailing list