[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ipsec vpn

To: Deepak Vaidya <shad0wlight@pop.softhome.net>,Denis A Ustimenko <denis@oldham.ru>
Subject: Re: ipsec vpn
From: Markus Friedl <Markus.Friedl@informatik.uni-erlangen.de>
Date: Mon, 5 Jul 1999 14:32:25 +0200
Cc: misc@openbsd.org, faq@openbsd.org
References: <C62567A5.0042F881.00@ls.oldham.ru> <000001bec66a$deb17f40$0c0ba8c0@tsunami.shad0wlight.org>

On Sun, Jul 04, 1999 at 06:16:31PM -0400, Deepak Vaidya wrote:
> I get pfkey: Operation not supported.

On Mon, Jul 05, 1999 at 07:11:28PM +0700, Denis A Ustimenko wrote:
> I've upgraded from 2.4 to 2.5.
> [...]
> pfkey: Operation not supported

in 2.5, you have to enable the kernel IPsec handling with sysctl:

nohow% egrep 'esp|ah' /etc/sysctl.conf 
net.inet.esp.enable=1           # 1=Enable the ESP IPSec protocol
net.inet.ah.enable=1            # 1=Enable the AH IPSec protocol

reboot after editing /etc/sysctl.conf 

-markus

PS: this should be in the faq for 2.5 (xx: OpenBSD 2.5 Specific Information )
PPS: man 4 ipsec says on OpenBSd-current:

	NOTE
	     IPSec is enabled with the following sysctl(3) variables in
	     /etc/sysctl.conf:

	     net.inet.esp.enable    Enable the ESP IPSec protocol

	     net.inet.ah.enable     Enable the AH IPSec protocol

Follow-Ups:
- RE: ipsec vpn
  - From: "Deepak Vaidya" <shad0wlight@pop.softhome.net>

References:
- ipsecadm
  - From: "Denis A Ustimenko" <denis@oldham.ru>
- ipsec vpn
  - From: "Deepak Vaidya" <shad0wlight@pop.softhome.net>
- ipsec vpn
  - From: "Deepak Vaidya" <shad0wlight@pop.softhome.net>

Prev by Date: ipsecadm
Next by Date: Re: Xaccess question
Prev by thread: ipsec vpn
Next by thread: RE: ipsec vpn
Index(es):
- Date
- Thread