It appears that at some point, the control socket feature was turned off by default.
From the commit log circa 03 May 2006 16:01:58:
- extend CONFIGURE_ARGS to set the directory for the adminport socket
* Note: racoonctl is useless without adminport enabled
* create the socket dir in post-install
The current option list:
ADMINPORT=off: Enable Admin port
You can't look at the state of any tunnels/flows without racoonctl.
Is there a reason why this isn't on by default? Then I could use pkg install ipsec-tools vs building it myself.
Error message when ipsec-tools is built without the control socket feature:
2016-01-30 23:25:13: WARNING: cftoken.l:712:yywarn(): /usr/local/etc/racoon/racoon.conf:18: "0660" admin port support not compiled in
Is this still a problem?
I am building it myself still via ports. I have changed the options to turn on ADMINPORT.
$ head /var/db/ports/security_ipsec-tools/options
# This file is auto-generated by 'make config'.
# Options for ipsec-tools-0.8.2_1
_FILE_COMPLETE_OPTIONS_LIST=ADMINPORT DEBUG DOCS DPD EXAMPLES FRAG GSSAPI HYBRID IDEA IPV6 LDAP NATT NATTF PAM RADIUS RC5 SAUNSPEC STATS WCPSKEY
How do you use ipsec-tools if racoonctl won't work? How do you inspect the flows?
I see there are nine more bugs open.
There are a lot of problems with ipsec.
#217531 #219117 #221884 #222065 #212224 #212225 #211719 #222065 #203308