IPSec and racoon issue...

Chris Watson bsdunix44 at gmail.com
Fri Jan 2 02:59:30 UTC 2015 

Horribly, embarrassingly, humbly, I have to confess to doing exactly what
you were just about to drop the hammer on me for doing. My memory from last
night is a little fuzzy from NYE. But after thinking about it I think I
used "MYKERNCONF=" instead of "KERNCONF=" while building the kernel. And
sure enough you know exactly what happens then. A GENERIC kernel. It's been
a while since I have done anything that dumb. I didn't even think to check
the kernel. I kept looking at everything else, src, UPDATING, commits, etc.
Now I am going to have to go back to IRC and help 10 others with FreeBSD
issues as penance. Thanks for the gentle clue stick slap in the head
Bjoern!

Chris



On Thu, Jan 1, 2015 at 8:26 PM, Bjoern A. Zeeb <
bzeeb-lists at lists.zabbadoz.net> wrote:

>
> > On 02 Jan 2015, at 02:12 , Chris Watson <bsdunix44 at gmail.com> wrote:
> >
> > Bjoern,
> >
> > Well now the puzzle deepens. I noticed about 5 minutes before your email
> came through I have NO *ipsec* or *net.key* sysctls.
> >
> > It's like the crypto subsystem isn't getting pulled in to my kernel
> compile, even though its in the config. Whaaaat? I wonder if my src tree is
> jacked. But how could the kernel build if it didn't have all the bits that
> are in my kernel config? Maybe I pulled a src update in the middle of
> someones commit? This is really weird.
> >
> > Kernel Config of the server in question:
> >
> > # $FreeBSD: stable/10/sys/amd64/conf/GENERIC 272313 2014-09-30 16:55:19Z
> bz $
> >
> > cpu             HAMMER
> > ident           PRIYANKA
> >
> > ….
>
> > # IPSec support
> > options         IPSEC                   # Enable IPSec support
> > device          crypto                  # Use the Crypto framework
> > device          cryptodev
> > options         IPSEC_FILTERTUNNEL      # Allowing packet filtering on
> tunneled packets
> > device          enc                     # Support for the encapsulating
> interface
>
> Good. So this is a kernel build/install issue after all.
>
> You sure you did build and installed the right kernel config (did you save
> this with a different name than GENERIC?);  check uname for what you are
> running.
>
>> Bjoern A. Zeeb                                  Charles Haddon Spurgeon:
> "Friendship is one of the sweetest joys of life.  Many might have failed
>  beneath the bitterness of their trial  had they not found a friend."
>
>

More information about the freebsd-stable mailing list