IPSec woes

Andrew Falanga af300wsm at gmail.com
Wed Apr 23 20:45:45 UTC 2008

I'm going off of the handbook section for setting up IPsec but I'm
having some problems because I'm having to modify the instructions
some.  The handbook section covers a VPN secured by IPsec, but I'm
trying to setup a point-to-point between my host and another.

All seemed to be going well.  I've compiled it into my kernel.  I've
installed racoon from ports and the first time I tried to ping my peer
host, it paused for several seconds and then started up (as the
handbook mentions).  However, when I do "setkey -D" I get, "no SAD
entries."  This makes me sad.  Sorry, I couldn't resist.

I have this in my /etc/ipsec.conf file (in the below is my
IP, is the remote host):

add ipcomp 256 3des

I should make note that the other host is not a FreeBSD machine, it is
a printer.  I'm doing this as an exercise to learn setting this up.

As for the racoon setup file, I copied the file from
/usr/local/share/examples/ipsec-tools/racoon.conf to
/usr/local/etc/racoon and modified only this entry:

sainfo address any address any
        pfs_group 2;
        lifetime time 30 sec;
        encryption_algorithm 3des;
        authentication_algorithm hmac_md5;
        compression_algorithm deflate;

Any help is greatly appreciated.  Thanks.  Oh, what makes me think
that it's not working is wireshark and tcpdump both didn't seem to
dump anything that would lead me to believe anything is being
encrypted.  What's odd, is that this printer I'm working against has
been set to disallow any traffic from my IP address without it's being


 A: Because it messes up the order in which people normally read text.
Q: Why is it such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?

More information about the freebsd-questions mailing list