IPSec troubles
Bjoern A. Zeeb
bzeeb-lists at lists.zabbadoz.net
Tue Mar 30 04:35:07 PST 2004
On Tue, 30 Mar 2004, Cyrill Rüttimann wrote:
Hi,
> > If this is the remaining problem apart from the yet known (where KAME
> > people cannot find the time to review at the moment) I may look into
> > this; have setup my wireless connection on a 5.2.1 notebook (being
> > updated to HEAD soon) to use IPSec lately so I have a 'testbed' now.
>
> Please can you report if IPSec is working with current or the latest
> stable?
>
> With 5.2.1, you are lost completely. IPSec with kernel options do not
> work and if you enable FAST_IPSEC (which should work), you end up not
> able to compile the kernel. There was a patch mentioned to solve this,
> but for me it did not work.
I have been able to use IPSEC (do not know about FAST_IPSEC) with
5.2.1R miniinst installation on following setup:
notebook(wi0) <---> AP(bridge) <----> (fxp2)router
I am now on a 5.2.1R with a private kernel incooperated some of my
IPSEC related patches from HEAD (not all) and it also works.
What I had to do had been "excluding IKE traffic" by doing s.th.
like this (router side config):
spdadd ROUTER[500] NOTEBOOK[500] udp
-P out none ;
spdadd NOTEBOOK[500] ROUTER[500] udp
-P in none ;
This for sure is not the most nifty way to do but it works.
--
Greetings
Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT
56 69 73 69 74 http://www.zabbadoz.net/
More information about the freebsd-net
mailing list