Re: IPSec troubles

From: Bjoern A. Zeeb (bzeeb-lists_at_lists.zabbadoz.net)
Date: 03/30/04

    Date: Tue, 30 Mar 2004 12:33:08 +0000 (UTC)
    To: Cyrill Rüttimann <ruettimac@mac.com>
    
    

    On Tue, 30 Mar 2004, Cyrill Rüttimann wrote:

    Hi,

    > > If this is the remaining problem apart from the yet known (where KAME
    > > people cannot find the time to review at the moment) I may look into
    > > this; have setup my wireless connection on a 5.2.1 notebook (being
    > > updated to HEAD soon) to use IPSec lately so I have a 'testbed' now.
    >
    > Please can you report if IPSec is working with current or the latest
    > stable?
    >
    > With 5.2.1, you are lost completely. IPSec with kernel options does not
    > work and if you enable FAST_IPSEC (which should work), you end up not
    > being able to compile the kernel. There was a patch mentioned to solve
    > this, but for me it did not work.

    I have been able to use IPSEC (do not know about FAST_IPSEC) with a
    5.2.1R miniinst installation on the following setup:

    notebook(wi0) <---> AP(bridge) <----> (fxp2)router

    I am now on a 5.2.1R with a private kernel that incorporates some of my
    IPSEC related patches from HEAD (not all) and it also works.

    What I had to do was "excluding IKE traffic" by doing something
    like this (router side config):

    spdadd ROUTER[500] NOTEBOOK[500] udp
            -P out none ;

    spdadd NOTEBOOK[500] ROUTER[500] udp
            -P in none ;

    This for sure is not the most nifty way to do it but it works.

    -- 
    Greetings
    Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT
    56 69 73 69 74				http://www.zabbadoz.net/
    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
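
The IKE exclusion described in the message, written out as a complete `setkey -f` policy file for the notebook side. This is an added example, not part of the original post: the addresses 192.0.2.1 (router) and 192.0.2.10 (notebook) are placeholders, and the ESP transport-mode policy for the remaining traffic is an assumption, since the post does not show it.

```conf
# Added example (not from the original post): notebook-side counterpart of
# the router-side entries quoted in the message.
# Assumed placeholder addresses: 192.0.2.1 = router, 192.0.2.10 = notebook.

# Start from an empty SAD and SPD so stale entries do not interfere.
flush ;
spdflush ;

# Exclude IKE (UDP port 500) from IPsec processing in both directions,
# so the IKE negotiation is not itself subject to the ESP policy below.
spdadd 192.0.2.10[500] 192.0.2.1[500] udp
        -P out none ;

spdadd 192.0.2.1[500] 192.0.2.10[500] udp
        -P in none ;

# Assumed policy for everything else between the two hosts:
# ESP in transport mode, required in both directions.
spdadd 192.0.2.10 192.0.2.1 any
        -P out ipsec esp/transport//require ;

spdadd 192.0.2.1 192.0.2.10 any
        -P in ipsec esp/transport//require ;
```

Load the file with `setkey -f <file>` and list the installed policies with `setkey -DP` to confirm that the two `none` entries for port 500 are present next to the ESP entries.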
    
