IPSEC on 5.5

Vince Hoffman vince at unsane.co.uk
Fri Oct 20 08:49:34 BST 2006

Jonathan Schneider wrote:
> I'm trying to get IPSEC going on 5.5 according to
> http://www.freebsd.org/doc/handbook/ipsec.html
> There seem to be a few anomolies in the racoon department like it's
> racoon2 that exists as a port, its startup rc is slightly broken. It
> wants to run /usr/local/etc/rc.d/spmd and friends whereas spmd.sh exists.
> Should I be trying isakpmd instead ?

No use ipsec-tools instead this seems to be the best supported version
of racoon these days. http://www.freebsd.org/doc/handbook/ipsec.html
does actually say to use this port.

I had this happily running a site to site VPN to a PIX 501 for about a year.


> I've got some untested script for setting up multiple VPNs that reads
> lines from a file containing addresses, psk etc. and builds suitable
> bits of ipf.conf (yes I like ipfilter), ipsec.conf and something to be
> included by rc.conf according to the example in the handbook page.
> What do other folk use and can the documentation be fixed please ? I
> have briefly tinkered with ipsec in the past but never with key
> negotiation. I think I might try to stick with manual keying for the
> time being unless somebody can confirm racoon's brokenness is only in
> the rc scripts.
> Also why are both esp and ipencap protocols allowed when presumably only
> one flows ?
> Jon
> ------ FreeBSD UK Users' Group  -  Mailing List ------
> http://listserver.uk.freebsd.org/mailman/listinfo/freebsd-users

More information about the Ukfreebsd mailing list