IPSec and racoon issue...

Fri Jan 2 02:27:24 UTC 2015

> On 02 Jan 2015, at 02:12 , Chris Watson <bsdunix44 at gmail.com> wrote:
> 
> Bjoern,
> 
> Well now the puzzle deepens. I noticed about 5 minutes before your email came through I have NO *ipsec* or *net.key* sysctls. 
> 
> It's like the crypto subsystem isn't getting pulled in to my kernel compile, even though its in the config. Whaaaat? I wonder if my src tree is jacked. But how could the kernel build if it didn't have all the bits that are in my kernel config? Maybe I pulled a src update in the middle of someones commit? This is really weird.
> 
> Kernel Config of the server in question:
> 
> # $FreeBSD: stable/10/sys/amd64/conf/GENERIC 272313 2014-09-30 16:55:19Z bz $
> 
> cpu             HAMMER
> ident           PRIYANKA
> 
> ….

> # IPSec support
> options         IPSEC                   # Enable IPSec support
> device          crypto                  # Use the Crypto framework
> device          cryptodev 
> options         IPSEC_FILTERTUNNEL      # Allowing packet filtering on tunneled packets
> device          enc                     # Support for the encapsulating interface

Good. So this is a kernel build/install issue after all.

You sure you did build and installed the right kernel config (did you save this with a different name than GENERIC?);  check uname for what you are running.

— 
Bjoern A. Zeeb                                  Charles Haddon Spurgeon:
"Friendship is one of the sweetest joys of life.  Many might have failed
 beneath the bitterness of their trial  had they not found a friend."