state of ipsec
Guido van Rooij
guido at gvr.org
Mon Feb 16 04:52:33 PST 2004
On Sun, Feb 15, 2004 at 01:37:00AM +0000, Bruce M Simpson wrote:
> On Sun, Feb 15, 2004 at 12:54:26AM +0100, Tobias Roth wrote:
> > yes, setkey -D never outputs anything, no SAs get created at all.
>
> This would tend to suggest either IPSEC support is missing from the kernel,
> or there has been a problem when racoon is issuing PF_KEY socket writes.
>
> Can you recompile with IPSEC_DEBUG enabled and try to replicate the problem?
IIRC IPSEC currentky has the porblem that if you happen to use require
in your policies, even the ISAKMP packets do not gte out.
I switched to FAST_IPSEC, which doesnt have this problem.
You can of course also use "use" in stead of "require".
-Guido
More information about the freebsd-current
mailing list