Re: doubt about IPSEC - Freebsd 7



And since we're on this subject... is it possible to do IPSEC over UDP
tunnels in FreeBSD now? I have a couple of networks with dumb NAT and
need a way to tunnel out of them in a reliable manner.

Baldur

On Sat, Nov 24, 2007 at 04:08:54PM +0100, VANHULLEBUS Yvan wrote:
Hi.


On Sat, Nov 24, 2007 at 03:11:05PM +0100, Giulio Ferro wrote:
I've noticed that in the kernel configuration IPSEC_ESP disappeared
from the options. It says that you just need device crypto and IPSEC.

Does this mean that with crypto and IPSEC I have all I need to treat
ESP like the old IPSEC_ESP option?


IPSEC_ESP was a needed option for KAME's IPSec implementation, which
is no longer in FreeBSD's kernel.

IPSEC now enables FAST_IPSEC stack, which just needs IPSEC and device
crypto.


I'm having some problems right now setting up a VPN to complete phase 2
(the error is no proposal chosen).
Since ipsec-tools uses the facilities in the kernel, I want to make sure
that the kernel provides everything racoon needs...

That really sounds like a configuration issue (racoon.conf, or perhaps
your SPD entries); racoon's debug on the responder should give you more
information on the problem.



Yvan.

--
NETASQ
http://www.netasq.com
_______________________________________________
freebsd-hackers@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@xxxxxxxxxxx"

