It appears that at some point, the control socket feature was turned off by default. From the commit log circa 03 May 2006 16:01:58:

    - extend CONFIGURE_ARGS to set the directory for the adminport socket
    * Note: racoonctl is useless without adminport enabled
    * create the socket dir in post-install

The current option list:

    ADMINPORT=off: Enable Admin port

You can't look at the state of any tunnels/flows without racoonctl. Is there a reason why this isn't on by default? Then I could use pkg install IPsec-tools vs building it myself.

Error message when ipsec-tools is built without the control socket feature:

    2016-01-30 23:25:13: WARNING: cftoken.l:712:yywarn(): /usr/local/etc/racoon/racoon.conf:18: "0660" admin port support not compiled in
Is this still a problem?
I am building it myself still via ports. I have changed the options to turn on ADMINPORT.

    $ head /var/db/ports/security_ipsec-tools/options
    # This file is auto-generated by 'make config'.
    # Options for ipsec-tools-0.8.2_1
    _OPTIONS_READ=ipsec-tools-0.8.2_1
    _FILE_COMPLETE_OPTIONS_LIST=ADMINPORT DEBUG DOCS DPD EXAMPLES FRAG GSSAPI HYBRID IDEA IPV6 LDAP NATT NATTF PAM RADIUS RC5 SAUNSPEC STATS WCPSKEY
    OPTIONS_FILE_SET+=ADMINPORT
    OPTIONS_FILE_SET+=DEBUG
    OPTIONS_FILE_SET+=DOCS
    OPTIONS_FILE_SET+=DPD
    OPTIONS_FILE_SET+=EXAMPLES
    OPTIONS_FILE_SET+=FRAG

How do you use ipsec-tools if racoonctl won't work? How do you inspect the flows?
Maintainer timeout? I see there are nine more bugs open. There are a lot of problems with ipsec. #217531 #219117 #221884 #222065 #212224 #212225 #211719 #222065 #203308