The FreeBSD Diary

Providing practical examples since 1998

FreeBSD Support
 pipsecd: (SOCK_RAW):protocol not supported
Author: Bjorn Tornqvist 
Date:   17-07-00 14:15

Hi!

Just tried to install an encrypting tunnel as in the recent tutorial, however I can't get it to work.
Situation: Two identical 4.0STABLE (3 weeks ago) machines running natd.
Kernels compiled with:
pseudo-device bpf
pseudo-device tun 1
options INET
options IPFIREWALL
options IPDIVERT
options IPSEC
options IPSEC_ESP
no gif, faith, inet6

Ok, so what really happens? Well, the pipsecd can't open tun0 in raw mode.
tun0 exists in /dev.

The error is this during boot:
Additional local services: pipsecdsocket(SOCK_RAW): protocol not supported.
ifconfig interface tun0 does not exist.

/var/log/messages only contains one line: "pipsecd starting.".

Ok, so, does tun0 exist?

ifconfig -a (after booting) does not display tun0

doing "cat > tun0 < echo hejsan" works fine, after doing that ifconfig -a *does* display tun0. After that, I can bring the tun0 interface up or down without ifconfig complaining.
So, clearly, tun0 works fine (right?) but pipsecd can't use it.
Anyone know anything that could help me?

TIA,
Bjorn

 RE: pipsecd: (SOCK_RAW):protocol not supported
Author: Philip Hallstrom 
Date:   17-07-00 17:56

I'm not sure about this, but I don't think you need (and maybe you don't want) the IPSEC stuff in the kernel.

However, before removing that, try "sleep 3" or so in between the pipsecd command and ifconfig'ing (step 4 of the tutorial).

I don't know why, but on 4.0, tun0 doesn't "exist" until an application opens it. See if that solves your problem...

good luck -philip

 RE: pipsecd: (SOCK_RAW):protocol not supported
Author: Bjorn Tornqvist 
Date:   18-07-00 12:12

Ok, I've solved the problem now (i.e. no more pipsecd complaints - can't test until Monday when the machines on the other side of the VLAN arrive).
The problem is very strange, and the solution is even stranger... ;)
Using a sleep right after pipsecd makes it complain! Removing the sleep completely results in pipsecd being able to open SOCK_RAW - (does the sleep suspend the shell, and therefore somehow by any freak feature the child processes (pipsecd), causing it to not be able to open the socket O_NONBLOCK???)
Anyway, so this is what I have (up to this point in my description): No sleep, no pipsecd complaints, but ifconfig fails since tun0 doesn't exist.
My solution:
---pipsecd.sh---
echo test > /dev/tun0
pipsecd <args> &
/sbin/ifconfig tun0 <args>
/sbin/route <args>
--- eof ---
But, as I said, while there are no warnings - I can't test the system live until next week.

//Bjorn

Btw: Any comments/pointers would be greatly appreciated. Somehow my solution sucks greatly. :)
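
Added example, not part of either poster's messages: the thread reports that tun0 is not visible to ifconfig until a process has opened the device, so the startup script can race the daemon. The sketch below polls for the interface with a bounded timeout and fails closed, so ifconfig and route are never run against a tunnel that did not come up. The function names and the PROBE override are hypothetical, and the `<args>` placeholders are left as they appear in the thread.

```shell
#!/bin/sh
# Added example (assumption-labelled, not the thread's script).
# PROBE is a hypothetical override so the logic can be exercised
# without a real tun device; by default it is the system ifconfig.
PROBE=${PROBE:-/sbin/ifconfig}

# iface_exists NAME: true once the probe command reports the interface.
iface_exists() {
    "$PROBE" "$1" >/dev/null 2>&1
}

# wait_for_iface NAME TRIES: probe up to TRIES times, one second apart.
# Returns 0 as soon as the interface appears, 1 if it never does.
wait_for_iface() {
    name=$1 tries=$2
    while [ "$tries" -gt 0 ]; do
        iface_exists "$name" && return 0
        tries=$((tries - 1))
        [ "$tries" -gt 0 ] && sleep 1
    done
    return 1
}

# start_tunnel NAME TRIES DAEMON_CMD...: start the daemon in the
# background and wait for its interface. If the interface never shows
# up, stop the daemon and return non-zero so the caller skips the
# ifconfig and route steps instead of configuring a dead tunnel.
start_tunnel() {
    name=$1 tries=$2
    shift 2
    "$@" &
    daemon_pid=$!
    if wait_for_iface "$name" "$tries"; then
        return 0
    fi
    echo "$name did not appear; stopping daemon, routes untouched" >&2
    kill "$daemon_pid" 2>/dev/null
    return 1
}

# Usage, with the thread's elided arguments kept as placeholders:
#   start_tunnel tun0 5 pipsecd <args> \
#     && /sbin/ifconfig tun0 <args> && /sbin/route <args>
```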

