Anonymous
Guest
I am in the process of setting up my FreeBSD 8.2-RELEASE (GENERIC) for providing Dial-In-VPN/L2TP-IPsec support.
In the last few days I sorted out most of the obstacles by reading the handbook, by googling, and by reading tons of how-tos - some of them being quite old. Finally, the system is running. However, doing a final clean-up seems to be a good idea.
The FreeBSD handbook suggested that IPsec support must be compiled into a custom kernel by adding the following options:
Code:
options IPSEC # IP security
device crypto
I compiled the kernel according to this, only to find out later that another option is needed in order to avoid warnings on starting up racoon (this is not documented in man ipsec):
Code:
options IPSEC_NAT_T
In a third step, I added more options for firewall tunnel filtering:
Code:
options IPSEC_FILTERTUNNEL
device enc
I still have a problem with my VPN traversing a SOHO router. Now, I am unsure whether I need to compile my custom IPsec kernel the fourth time after adding:
Code:
options IPSEC_ESP
I am even unsure whether all these options are still valid for the latest FreeBSD Fast-IPsec implementation, and, eventually, some new options are available now. Therefore my question: where can I find the definite source of all valid FreeBSD 8.2 (Fast)IPsec kernel options and related devices?
Many thanks for any reply.
Best regards
Rolf