On 17.11.2004 19:59 +0100, Peter Allgeyer wrote:
> Yes, there is information in the ports collection about
> FAST_IPSEC:
>
> ---< snip >---
> If vpnc fails with
>
> socket(SOCK_RAW): Protocol not supported
>
> check your kernel configuration. The ESP protocol is only
> enabled for FAST_IPSEC (this cannot be configured together with
> IPSEC). See LINT for further details.
> ---< snap >---
>
> M0n0wall is using FAST_IPSEC kernel option, so no problem, I
> thought :-( There must be another problem with the options compiled
> in m0n0wall, because it's not possible to open a raw socket to the
> ESP port (as in tunip.c). Maybe someone can track this down. Here
> is some sample code to play with:

I toyed with vpnc on FreeBSD 4.10 a few months ago (for use with
the Cisco VPN concentrator at the university), and I actually had to
remove all kernel-based IPsec support (i.e. no FAST_IPSEC, and no
IPSEC(_ESP) either) to make it work, since vpnc handles ESP in
userland.
- Manuel