vpnc RAW_SOCKET (again)

From: "Philip M. Gollucci" <pgollucci@xxxxxxxxxx>
Date: Mon, 29 Jan 2007 22:56:30 -0800

sudo vpnc /etc/vpnc/conf
add host a.b.c.d: gateway 64.183.12.161
add net 192.168.52.0: gateway 172.26.7.141
add net e.0.0.0: gateway 172.26.7.141
add net a.b.c.d: gateway 172.26.7.141
add net 172.26.0.0: gateway 172.26.7.141
add net 192.168.34.0: gateway 172.26.7.141
add net 172.28.0.0: gateway 172.26.7.141
add net 192.168.62.0: gateway 172.26.7.141
add net 192.168.38.0: gateway 172.26.7.141
add net 172.22.40.0: gateway 172.26.7.141
add net 172.24.54.0: gateway 172.26.7.141
add net 172.24.40.0: gateway 172.26.7.141
add net 192.168.66.0: gateway 172.26.7.141
add net 192.168.64.0: gateway 172.26.7.141
add net 192.168.46.0: gateway 172.26.7.141
add net 192.168.48.0: gateway 172.26.7.141
add net 192.168.56.0: gateway 172.26.7.141
add net 172.27.106.0: gateway 172.26.7.141
add net 172.25.109.10: gateway 172.26.7.141
add net 192.168.162.0: gateway 172.26.7.141
add net 172.16.20.0: gateway 172.26.7.141
add net 192.168.196.0: gateway 172.26.7.141
add net 192.168.248.0: gateway 172.26.7.141
add net 192.168.180.0: gateway 172.26.7.141
add net 192.168.67.0: gateway 172.26.7.141
add net 192.168.148.0: gateway 172.26.7.141
add net 192.168.54.0: gateway 172.26.7.141
add net 192.168.68.0: gateway 172.26.7.141
add net 172.29.0.0: gateway 172.26.7.141
add net 192.168.92.0: gateway 172.26.7.141
add net 192.168.123.0: gateway 172.26.7.141
add net 172.28.10.32: gateway 172.26.7.141
add net 172.28.11.32: gateway 172.26.7.141
socket(SOCK_RAW): Protocol not supported

This used to work on this exact computer. I have _not_ recompiled the
kernel or user land. The kernel config is attached (it does include
IPSEC_ESP)

What did change was the hostname
a.y.net -> b.y.net.

Also, I switched from Comcast to TimeWarner, then to TimeWarner business
class. The 3rd switch moved from me having 1 static ip and a router
with this computer having an ip of 192.168.100 to several static ips.

It now has a REAL routable ip address and is behind a routable gateway.

As far as I can tell this problem started happening because of this
networking switch. Coincidentally, the hostname switch was at the same
time.

The computer is still physically in the same location.

$ uname -a
FreeBSD goku.p6m7g8.net 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #0: Sun
Jan 14 17:12:17 PST 2007
root@xxxxxxxxxxxxxxx:/usr/obj/usr/src/sys/HOME i386

$ /usr/local/sbin/vpnc --version
vpnc version 0.3.3
Copyright (C) 2002-2004 Geoffrey Keating, Maurice Massar
vpnc comes with NO WARRANTY, to the extent permitted by law.
You may redistribute copies of vpnc under the terms of the GNU General
Public License. For more information about these matters, see the files
named COPYING.

Supported DH-Groups: nopfs dh1 dh2 dh5
Supported Hash-Methods: md5 sha1
Supported Encryptions: des 3des aes128 aes192 aes256
Supported Auth-Methods: psk psk+xauth

--
------------------------------------------------------------------------
Philip M. Gollucci (pgollucci@xxxxxxxxxx) 323.219.4708
Consultant - P6M7G8 Consutling - http://p6m7g8.net/Resume/resume.shtml
Senior Software Engineer - Ticketmaster - http://ticketmaster.com
1024D/EC88A0BF 0DE5 C55C 6BF3 B235 2DAB B89E 1324 9B4F EC88 A0BF

We're halfway there
Livin' on a prayer
Take my hand and we'll make it-I swear
Livin' on a prayer
###############################################################################
################################## Architecture ###############################
###############################################################################
machine i386
maxusers 0
cpu I686_CPU # aka Pentium Pro(tm)
ident HOME

device npx

###############################################################################
################################# Compatibility ###############################
###############################################################################
options COMPAT_43
options COMPAT_LINUX

options SCHED_ULE

###############################################################################
################################# Networking ##################################
###############################################################################
options INET #Internet communications protocols
options IPSEC #IP security
options IPSEC_ESP #IP security (crypto; define w/ IP

device loop #Network loopback device
device ether #Generic Ethernet
device tun
device tap
device bpf # Berkeley packet filter
device if_bridge

device miibus
device em # <Accton MPX 5030/5038 10/100BaseTX>

###############################################################################
########################## Firewalls ##########################################
###############################################################################
options IPFIREWALL #firewall
options IPFIREWALL_VERBOSE #enable logging to syslogd(8)
options IPFIREWALL_VERBOSE_LIMIT=100 #limit verbosity
options IPFIREWALL_DEFAULT_TO_ACCEPT

options IPDIVERT #divert sockets
options IPFILTER #ipfilter support
options IPFILTER_LOG #ipfilter logging

options IPSTEALTH #support for stealth forwarding
options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN

options ACCEPT_FILTER_DATA
options ACCEPT_FILTER_HTTP

options ZERO_COPY_SOCKETS
###############################################################################
################################# FileSystems #################################
###############################################################################
options FFS #Memory File System
options CD9660 #ISO 9660 filesystem
options NFSCLIENT
options MD_ROOT
options LINPROCFS
options PSEUDOFS # Pseudo-filesystem framework
options PROCFS # Process filesystem (requires PSEUDOFS)

options SOFTUPDATES
options UFS_DIRHASH
options QUOTA #enable disk quotas

###############################################################################
############################## ATA Devices ####################################
###############################################################################
device isa
device pci

device ata
device atadisk
device atapicd # ATAPI CDROM drives
device atapifd # ATAPI floppy drives
options ATA_STATIC_ID

########## SCSI
device ahc
device scbus
device da
device cd

###############################################################################
############################### Misc Devices ##################################
###############################################################################
device pty #Pseudo ttys
device speaker #Play IBM BASIC-style noises out your speaker
device snp #Snoop device - to look at pty/vty/etc..
device md

device atkbdc
device atkbd
device psm

device random

device vga
device agp

# USB support
device uhci # UHCI PCI->USB interface
device ohci # OHCI PCI->USB interface
device ehci # EHCI PCI->USB interface (USB 2.0)
device usb # USB Bus (required)
device ugen # Generic
device uhid # "Human Interface Devices"
device ukbd # Keyboard
device ums # Mouse

###############################################################################
################################## Terminal Options ###########################
###############################################################################
device sc
options MAXCONS=16 # number of virtual consoles

options SYSVSHM #SYSV-style shared memory
options SYSVMSG #SYSV-style message queues
options SYSVSEM #SYSV-style semaphores

makeoptions DEBUG=-g
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"

Prev by Date: Re: how to enable linux flash player in firefox
Next by Date: Your message to swinog awaits moderator approval
Previous by thread: isdn
Next by thread: Your message to swinog awaits moderator approval
Index(es):
- Date
- Thread

Relevant Pages

VPNC seems to connect, but cannot ping any IPs
... I'm using VPNC to get into my works VPN, ... add host $SERVER: gateway 192.168.1.1 ... add net $A.0: gateway $GATE ... inet 192.168.1.84 netmask 0xffffff00 broadcast 192.168.1.255 ...
(freebsd-net)
Re: Gateway Upgrade Policy for MCE 2005
... > According to the link you have posted - it appears that Gateway have ... > chosen to only supply MCE 2005 on new systems. ... > Center PC from Gateway did they promise a free upgrade to ... > hardware restrictions and requirements the best people to support this ...
(microsoft.public.windows.mediacenter)
Re: OT: Ping Isaac
... aside to my main role of Support Engineer / Help Desk Eng and it ... the network cabling, ... also had a MSMail to SMTP gateway, an X.25 gateway, Async gateways, a ... Because I was the first tech to install a mail system of any kind ...
(uk.comp.sys.mac)
Re: Gateway Upgrade Policy for MCE 2005
... > Please see the Gateway Support FAQ at the bottom of this ... > Gateway with MS having plausible deniability via its OEM- ... > offering the upgrade directly, ... to only supply MCE 2005 on new systems. ...
(microsoft.public.windows.mediacenter)
Re: And Yet A New Twist
... Gateway support and no bad experiences with Dell. ... hours on the phone troubleshooting with tech support, ...
(alt.sys.pc-clone.dell)