Re: IPPROTO_ESP and vpnc

To: Jason Mitchell <jmitchel%bigjar.com@localhost>
Subject: Re: IPPROTO_ESP and vpnc
From: matthew sporleder <msporleder%gmail.com@localhost>
Date: Tue, 5 Apr 2011 22:20:56 -0400

> On 04/05/2011 03:29 PM, matthew sporleder wrote:
>>
>> I'm trying to use vpnc and getting the following error:
>> socket(PF_INET, SOCK_RAW, IPPROTO_ESP): Protocol not supported
>>
>>
>> I wrote the following test program and get the same thing:
>>
>> #include<stdio.h>
>> #include<sys/socket.h>
>> #include<netinet/in.h>
>> #include<errno.h>
>> #include<string.h>
>>
>> int main(int argc, char *argv[])
>> {
>>   int sock;
>>   sock = socket(PF_INET, SOCK_RAW, IPPROTO_ESP);
>>   if ( sock<  0 )
>>   {
>>     perror("sock problem");
>>   }
>>
>> }
>>
>> Is this because my kernel has IPSEC commented out?
>>
>> Thanks,
>> Matt
>>
>
>

On Tue, Apr 5, 2011 at 9:45 PM, Jason Mitchell <jmitchel%bigjar.com@localhost> 
wrote:
> Matt,
>
> I don't know why you're getting the error, but you can't have ESP enabled in
> the kernel if you want to run vpnc. If ESP is enabled in the kernel then the
> kernel will grab the ESP packets and they won't ever get to vpnc running in
> userland. I just verified that.
>
>


Okay, that's helpful.  I am also unable to create a IPPROTO_AH socket.

I'm not sure if I should blame xen or something else.

Follow-Ups:
- Re: IPPROTO_ESP and vpnc
  - From: Michael van Elst

References:
- IPPROTO_ESP and vpnc
  - From: matthew sporleder
- Re: IPPROTO_ESP and vpnc
  - From: Jason Mitchell

Prev by Date: Re: IPPROTO_ESP and vpnc
Next by Date: Re: IPPROTO_ESP and vpnc
Previous by Thread: Re: IPPROTO_ESP and vpnc
Next by Thread: Re: IPPROTO_ESP and vpnc
Indexes:

Home | Main Index | Thread Index | Old Index