FreeBSD 5.3 IPSec

Bjoern A. Zeeb bzeeb-lists at lists.zabbadoz.net
Mon Oct 4 09:25:12 PDT 2004


On Mon, 4 Oct 2004, Sergey Smitienko wrote:

Hi,

> I'm having problem with an IPSec connection between two test hosts running
> 5.3-BETA3 using isakmpd.
> Both kernels are GENERIC with IPSEC/IPSEC_ESP options additions. As far as I
> understand from
> the isakmpd debug output it does negotiate a connection and then fails to
> setup kernel to use encryption
> between this two hosts.

looks like the same problem a lot of racoon users had seen. It should
go away if you update to BETA7 or apply following patch:
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netkey/key.c.diff?r1=1.65.2.1&r2=1.65.2.2

If updating or patching is not an option you need to at least compile
a new kernel. The workaround was to compile the kernel with MSIZE=512 I
think. You should be able to find it in the archives of last month
from current at .

-- 
Greetings
Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT


More information about the freebsd-current mailing list