IPSEC on 5.5

Jonathan Schneider jon at axismilton.ltd.uk
Thu Oct 19 20:17:27 BST 2006


I'm trying to get IPSEC going on 5.5 according to
http://www.freebsd.org/doc/handbook/ipsec.html

There seem to be a few anomalies in the racoon department like it's  
racoon2 that exists as a port, its startup rc is slightly broken. It  
wants to run /usr/local/etc/rc.d/spmd and friends whereas spmd.sh  
exists.

Should I be trying isakmpd instead ?

I've got some untested script for setting up multiple VPNs that reads  
lines from a file containing addresses, psk etc. and builds suitable  
bits of ipf.conf (yes I like ipfilter), ipsec.conf and something to  
be included by rc.conf according to the example in the handbook page.

What do other folk use and can the documentation be fixed please ? I  
have briefly tinkered with ipsec in the past but never with key  
negotiation. I think I might try to stick with manual keying for the  
time being unless somebody can confirm racoon's brokenness is only in  
the rc scripts.

Also why are both esp and ipencap protocols allowed when presumably  
only one flows ?

Jon




