 From:  Peter Allgeyer <allgeyer at web dot de>
 To:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] VPNC for m0n0wall
 Date:  Wed, 17 Nov 2004 19:59:35 +0100
On Mon, 15.11.2004 at 3:39, Scott Ullrich wrote:
> I just did a quick search for vpnc and it's already included in the
> FreeBSD ports collection:

Have compiled version vpnc-0.2-rm+zomb.1 with a patch from [1]
successfully (thanks to Michael for this great patch, I'm currently
trying to port it up to vpnc 0.3.1). Binary is now about 130k big and
linked statically against libtommath and libtomcrypt.

> Let me know if you need any help with this.

Yes, there is some information in the ports collection about FAST_IPSEC:

---< schnipp >---
If vpnc fails with

    socket(SOCK_RAW): Protocol not supported

check your kernel configuration. The ESP protocol is only
enabled for FAST_IPSEC (this cannot be configured together with
IPSEC). See LINT for further details.
---< schnapp >---

M0n0wall is using the FAST_IPSEC kernel option, so no problem, I thought :-(
There must be another problem with the options compiled into m0n0wall,
because it's not possible to open a raw socket to the ESP port (as in
tunip.c). Maybe someone can track this down. Here is some sample code to
play with:

---< schnipp >---
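#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

int main(void) {
    int fd;

    /* Raw socket for the ESP protocol, as opened in tunip.c */
    fd = socket(PF_INET, SOCK_RAW, IPPROTO_ESP);
    printf("fd = %d\n", fd);
    if (fd == -1) {
        /* Print the errno text, e.g. "Protocol not supported" */
        perror("socket(SOCK_RAW)");
        return 1;
    }
    return 0;
}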
---< schnapp >---

Any hints?

Ciao ...
	... PIT ...

[1] http://www.foldr.org/~michaelw/

 copyleft(c) by |   _-_     Portability should be the default.  -- Larry
 Peter Allgeyer | 0(o_o)0   Wall in <199711072201 dot OAA01123 at wall dot org>
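
The raw-socket test from the message above, extended as an added example (not code from the original post or from vpnc): it keeps errno so that a kernel rejecting the protocol (EPROTONOSUPPORT, "Protocol not supported") can be told apart from a run without root (EPERM/EACCES). The enum, the function names and the ICMP/AH comparison probes are assumptions of this example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Result codes are hypothetical names chosen for this example. */
enum probe_result { PROBE_OK, PROBE_NO_PROTO, PROBE_NO_PRIV, PROBE_OTHER };

/* Map the errno left by socket(2) to the most likely cause. */
enum probe_result classify_errno(int err) {
    switch (err) {
    case 0:               return PROBE_OK;
    case EPROTONOSUPPORT: return PROBE_NO_PROTO; /* "Protocol not supported" */
    case EPERM:
    case EACCES:          return PROBE_NO_PRIV;  /* raw sockets need root */
    default:              return PROBE_OTHER;
    }
}

/* Try to open a raw socket for one IP protocol; store errno in *err_out. */
enum probe_result probe_raw(int proto, int *err_out) {
    int fd = socket(PF_INET, SOCK_RAW, proto);
    int err = (fd == -1) ? errno : 0;   /* save before close() can change it */
    if (fd != -1)
        close(fd);
    if (err_out)
        *err_out = err;
    return classify_errno(err);
}

int main(void) {
    static const struct { const char *name; int proto; } probes[] = {
        { "ICMP", IPPROTO_ICMP },  /* comparison probe */
        { "ESP",  IPPROTO_ESP  },  /* the socket the sample code opens */
        { "AH",   IPPROTO_AH   },  /* comparison probe */
    };
    static const char *verdict[] = {
        "ok", "kernel rejects protocol", "insufficient privilege", "other error" };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        int err;
        enum probe_result r = probe_raw(probes[i].proto, &err);
        printf("%-4s %-24s %s\n", probes[i].name, verdict[r], err ? strerror(err) : "");
    }
    return 0;
}
```

If ICMP succeeds while ESP reports "kernel rejects protocol", privileges are fine and the difference lies in what the kernel was built with.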