Bug 206775 - security/ipsec-tools: racoonctl doesn't work with default options
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: VANHULLEBUS Yvan
Reported: 2016-01-31 04:36 UTC by rallenh
Modified: 2018-01-11 04:09 UTC
bugzilla: maintainer-feedback? (vanhu)


Description rallenh 2016-01-31 04:36:49 UTC
It appears that at some point, the control socket feature was turned off by default.

From the commit log circa 03 May 2006 16:01:58:
- extend CONFIGURE_ARGS to set the directory for the adminport socket
  * Note: racoonctl is useless without adminport enabled
  * create the socket dir in post-install

The current option list:
ADMINPORT=off: Enable Admin port

You can't look at the state of any tunnels/flows without racoonctl.

Is there a reason why this isn't on by default? Then I could use pkg install IPsec-tools vs building it myself.

Error message when ipsec-tools is built without the control socket feature:
2016-01-30 23:25:13: WARNING: cftoken.l:712:yywarn(): /usr/local/etc/racoon/racoon.conf:18: "0660" admin port support not compiled in
Comment 1 Walter Schwarzenfeld freebsd_triage 2018-01-09 15:14:38 UTC
Is this still a problem?
Comment 2 rallenh 2018-01-11 01:06:49 UTC
I am building it myself still via ports. I have changed the options to turn on ADMINPORT.

$ head /var/db/ports/security_ipsec-tools/options 
# This file is auto-generated by 'make config'.
# Options for ipsec-tools-0.8.2_1
_OPTIONS_READ=ipsec-tools-0.8.2_1
_FILE_COMPLETE_OPTIONS_LIST=ADMINPORT DEBUG DOCS DPD EXAMPLES FRAG GSSAPI HYBRID IDEA IPV6 LDAP NATT NATTF PAM RADIUS RC5 SAUNSPEC STATS WCPSKEY
OPTIONS_FILE_SET+=ADMINPORT
OPTIONS_FILE_SET+=DEBUG
OPTIONS_FILE_SET+=DOCS
OPTIONS_FILE_SET+=DPD
OPTIONS_FILE_SET+=EXAMPLES
OPTIONS_FILE_SET+=FRAG

How do you use ipsec-tools if racoonctl won't work? How do you inspect the flows?
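
A way to check for both symptoms described in this thread, as an added example that is not part of the bug report or of the port itself: it reads a ports options file like the one shown in Comment 2 for the ADMINPORT state and counts the warning quoted in the description. The function names are hypothetical and the sample files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the bug thread. All sample data is constructed.

# Print "set", "unset" or "absent" for OPTION in a ports options FILE
# (the OPTIONS_FILE_SET+= / OPTIONS_FILE_UNSET+= lines written by 'make config').
port_option_state() {
    awk -v opt="$2" '
        BEGIN { state = "absent" }
        /^OPTIONS_FILE_(SET|UNSET)\+=/ {
            v = $0; sub(/^[^=]*=/, "", v); gsub(/[ \t\r]+$/, "", v)
            if (v == opt) state = ($0 ~ /^OPTIONS_FILE_SET/) ? "set" : "unset"
        }
        END { print state }' "$1"
}

# Count racoon log lines showing that racoon.conf asks for an admin socket
# that the installed binary cannot provide.
adminport_warning_count() {
    grep -c 'admin port support not compiled in' "$1" || true
}

# Return 0 only if the build enabled ADMINPORT and the log has no such warning.
racoonctl_usable() {
    state=$(port_option_state "$1" ADMINPORT)
    warns=$(adminport_warning_count "$2")
    echo "ADMINPORT=$state warnings=$warns"
    [ "$state" = "set" ] && [ "$warns" -eq 0 ]
}

# Constructed samples: one build with ADMINPORT on, one with the option off.
make_samples() {
    printf '%s\n' '_OPTIONS_READ=ipsec-tools-0.8.2_1' 'OPTIONS_FILE_SET+=ADMINPORT' \
        'OPTIONS_FILE_SET+=DPD' > "$1/options.on"
    printf '%s\n' '_OPTIONS_READ=ipsec-tools-0.8.2_1' 'OPTIONS_FILE_UNSET+=ADMINPORT' \
        'OPTIONS_FILE_SET+=DPD' > "$1/options.off"
    : > "$1/racoon.log.on"
    printf '%s\n' '2016-01-30 23:25:13: WARNING: cftoken.l:712:yywarn(): /usr/local/etc/racoon/racoon.conf:18: "0660" admin port support not compiled in' \
        > "$1/racoon.log.off"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
racoonctl_usable "$demo_dir/options.on"  "$demo_dir/racoon.log.on"  || true
racoonctl_usable "$demo_dir/options.off" "$demo_dir/racoon.log.off" || true
rm -rf "$demo_dir"
```

On a real host the two arguments would be the options file under /var/db/ports/security_ipsec-tools/ and whichever file racoon logs to.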
Comment 3 Walter Schwarzenfeld freebsd_triage 2018-01-11 04:09:37 UTC
Maintainer timeout?
I see there are nine more bugs open.
There are a lot of problems with ipsec.
#217531 #219117 #221884 #222065 #212224 #212225 #211719 #222065 #203308