Hi.


On Sat, Nov 24, 2007 at 03:11:05PM +0100, Giulio Ferro wrote:
> I've noticed that in the kernel configuration IPSEC_ESP disappeared
> from the options. It says that you just need device crypto and IPSEC.
>
> Does this mean that with crypto and IPSEC I have all I need to treat
> ESP like the old IPSEC_ESP option?
>


IPSEC_ESP was a needed option for KAME's IPSec implementation, which
is no longer in FreeBSD's kernel.

IPSEC now enables FAST_IPSEC stack, which just needs IPSEC and device
crypto.


> I'm having some problems right now setting up a vpn to complete phase 2,
> (the error is no proposal chosen).
> Since ipsec-tools uses the facilities in the kernel, I want to make sure
> that the
> kernel provides everything racoon needs...


That really sounds like a configuration issue (racoon.conf, or perhaps
your SPD entries), racoon's debug on responder should give you more
informations on the problem.



Yvan.

--
NETASQ
http://www.netasq.com
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/lis...reebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"