# Ipsec-tools



## thein (Nov 16, 2016)

Hello anybody,
How to compile source pack ipsec-tools-0.8.2 on FreeBSD 10.2?
Which package requirements for compile this?
I want too add ipsec-tools to new cipher encryption algorithm.


----------



## SirDice (Nov 16, 2016)

Handbook: Chapter 4. Installing Applications: Packages and Ports

security/ipsec-tools


----------



## thein (Nov 17, 2016)

```
./configure
ng for a thread-safe mkdir -p... ./install-sh -c -d
checking for gawk... no
checking for mawk... no
checking for nawk... nawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking for gcc... no
checking for cc... cc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checki whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether cc accepts -g... yes
checking for cc option to accept ISO C89... none needed
checking whether cc understands -c and -o together... yes
checking for style of include used by make... GNU
checking dependency style .. gcc3
checking how to run the C preprocessor... cc -E
checking for grep that handles long lines and -e... /usr/bin/grepecking for egrep... /usr/bin/grep -E
checking for ANSI C header s... yes
checking build system type... armv6-unknown-freebsd11.0
checking host system type... armv6-unknown-freebsd11.0
checking how to print strings... printf
checking for a sed that does not truncate output... /usr/bin/sed
checking for fgrep..r/bin/grep -F
checking for ld used by cc... /usr/bin/ld
checking the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm
checking the name lister (/usr/bin/nm) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command lirguments... 196608
checking whether the shell understands some XSstructs... yes
checking whether the shell understands "+="... nocking how to convert armv6-unknown-freebsd11.0 file names to armv6-unknown-freebsd11.0 format... func_convert_file_noop
ccking how to convert armv6-unknown-freebsd11.0 file names to toolformat... func_convert_file_noop
checking for /usr/bin/ld optionload object files... -r
checking for objdump... objdump
checkingto recognize dependent libraries... pass_all
checking for dlltool. no
checking how to associate runtime and link libraries... pri %s\n
checking for ar... ar
checking for archiver @FILE support... no
checking for strip... strip
checking for ranlib... ranlib
c command to parse /usr/bin/nm output from cc object... ok
checking for sysroot... no
checking for mt... mt
checking if mt is a manifest tool... no
checking for sys/types.h... yes
cheor sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.. yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if cc supports -fno-rtti -fno-exceptions... yes
checking for cc option to produce PIC... -fPIC -DPIC
checking if cc PIC flag -fPIC -DPIC works... yes
checking if cc static flag -static works... yes
checking if cc supports -c -o file.o... yes
checking if cc supports -c -o file.o... (cached) yes
checking whether the cc linusr/bin/ld) supports shared libraries... yes
checking dynamic linker characteristics... freebsd11.0 ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... no
checking if libtool supports shared libraries... yes
checking whether to build sred libraries... no
checking whether to build static libraries... yes
checking for bison... no
checking for byacc... byacc
checking for flex... flex
checking lex output file root... lex.yy
checking lex library... -lfl
checking whether yytext is a pointer... yes
checking for egrep... (cached) /usr/bin/grE
checking net/pfkeyv2.h usability... yes
checking net/pfkeyv2.h esence... yes
checking for net/pfkeyv2.h... yes
checking netinet/ipsec.h usability... no
checking netinet/ipsec.h presence... no
checking for netinet/ipsec.h... no
checking netisec.h usability... no
checking netinet6/ipsec.h presence... no
checking for netinet6/ipsec.h... no
checking netipsec/ipsec.h usab... yes
checking netipsec/ipsec.h presence... yes
checking for netipsec/ipsec.h... yes
checking for ANSI C header files... (cached) yes
checking for sys/wait.h that is POSIX.1 compatible... yes
checking limits.h usability... yes
checking.h presence... yes
checking for limits.h... yes
checking sys/time.h usability... yes
checking sys/time.h presence... yes
checking for sys/time.h... yes
checking for unistd.h... (cached) yes
checking stdarg.h usability... yes
checking stdresence... yes
checking for stdarg.h... yes
checking varargs.h usability... no
checking varargs.h presence... no
checking for vags.h... no
checking shadow.h usability... no
checking shadow.h pesence... no
checking for shadow.h... no
checking for an ANSI C-cng const... yes
checking for pid_t... yes
checking for size_t... yes
checking whether time.h and sys/time.h may both be incled... yes
checking whether struct tm is in sys/time.h or time.h..h
checking for working memcmp... yes
checking return type of signal handlers... void
checking for vprintf... yes
checkinor _doprnt... no
checking for gettimeofday... yes
checking for se... yes
checking for socket... yes
checking for strerror... yes
checking for strtol... yes
checking for strtoul... yes
checkinor strlcpy... yes
checking for strlcat... yes
checking for strdup... yes
checking for an implementation of va_copy()... yes
checking if printf accepts %z... yes
checking if __func__ is available... yes
checking if readline support is requested... yes
checking readline/readline.h usability... no
cing readline/readline.h presence... no
checking for readline/readline.h... no
checking if --with-flex option is specifierdefault
checking if --with-flexlib option is specified... defaulchecking if --with-openssl option is specified... default
checki openssl version... ok
checking openssl/engine.h usability... yes
checking openssl/engine.h presence... yes
checking for openssl/engine.h... yes
checking openssl/aes.h usability... yes
checking openssl/aes.h presence... yes
checking for openssl/aes.h... yes
checking sha2 support... yes
checking opens/sha2.h usability... no
checking openssl/sha2.h presence... no
ccking for openssl/sha2.h... no
checking if sha2 is defined in openssl/sha.h... yes
checking openssl/camellia.h usability.. yes
checking openssl/camellia.h presence... yes
checking for openssl/camellia.h... yes
checking if --enable-adminport option is specified... no
checking if --enable-rc5 option is specified... no
checking if --enable-idea option is specified... no
checking for crypto containing MD5_Init... -lcrypto
checking for util containing login... no
checking if --with-libiconv option is specified... no
checking if --enable-hybrid option is specified... no
checking if --enable-frag optio specified... no
checking if --with-libradius option is specified... no
checking if --with-libpam option is specified...no
checking if --with-libldap option is specified... no
checking if --enable-gssapi option is specified... no
checking for knfig... /usr/bin/krb5-config
checking if --enable-stats option is specified... no
checking if --enable-dpd option is specified... no
checking if --enable-samode-unspec option is specified... no
checking whether to enable ipv6... yes
checking for advanI support... yes
checking getaddrinfo bug... good
checking kerne-Traversal support... checking for struct sadb_x_nat_t_type.sadb_x_nat_t_type_len... yes
yes
checking whether to support NAT-T... no
checking which NAT-T versions to support... none
checking if --enable-broken-natt option is specified... no
checking whether we support FWD policy... no
checking for ipsec_policy_t... no
checking kernel Security Context support... no
checking selinux/selinux.h usability... no
checking selinux/selinux.h presence... no
checking for selinux/selinux.h... no
checking whether to support Security Context... no
checking for rt containing clock_gettime... none required
checking for monotonic system clock... yes
checking that generales are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating package_version.h
config.status: creating src/Makefile
config.status: creating src/include-glibc/Makefile
config.status: creating src/libipsec/Makefile
config.status: creating src/setkey/Makefile
config.status: creating src/racoon/Makle
config.status: creating src/racoon/samples/psk.txt
config.status: creating src/racoon/samples/racoon.conf
config.status: creating rpm/Makefile
config.status: creating rpm/suse/Makefile
config.status: creating rpm/suse/ipsec-tools.spec
config.status: creating config.h
config.status: config.h is unchanged
config.status: executing depfiles commands
config.status: executing libtool commands

[cmd]make[/cmd]
ll-recursive
Making all in src
Making all in libipsec
make  all-am
/bin/sh ../../libtool  --tag=CC    --mode=compile cc -DHAVE_CONFIG_H  -I. -I../..   -I../../src/racoon/ing   -g -O2  -Wall -Werror -Wno-unused -MT ipsec_dump_policy.lo -MD -MP -MF .deps/ipsec_dump_policy.Tpo -c -o ipsec_dump.lo ipsec_dump_policy.c
libtool: compile:  cc -DHAVE_CONFIG_H -I-I../.. -I../../src/racoon/missing -g -O2 -Wall -Werror -Wno-unusd -MT ipsec_dump_policy.lo -MD -MP -MF .deps/ipsec_dump_policy.Tpo -c ipsec_dump_policy.c -o ipsec_dump_policy.o
mv -f .dec_dump_policy.Tpo .deps/ipsec_dump_policy.Plo
/bin/sh ../../libt  --tag=CC    --mode=compile cc -DHAVE_CONFIG_H  -I. -I../..   -I../../src/racoon/missing   -g -O2  -Wall -Werror -Wno-unused -MT ips _policylen.lo -MD -MP -MF .deps/ipsec_get_policylen.Tpo -c -o ipget_policylen.lo ipsec_get_policylen.c
libtool: compile:  cc -DHCONFIG_H -I. -I../.. -I../../src/racoon/missing -g -O2 -Wall -Wero-unused -MT ipsec_get_policylen.lo -MD -MP -MF .deps/ipsec_get_policylen.Tpo -c ipsec_get_policylen.c -o ipsec_get_policylen.o
mv -f .deps/ipsec_get_policylen.Tpo .deps/ipsec_get_policylen.Plo
/bin/sh ../../libtool  --tag=CC    --mode=compile cc -DHAVE_CONFIG_H  -I. -I../..   -I../../src/racoon/missing   -g -O2  -Wall -Werror -Wno-unused -MT ipsec_strerror.lo-MP -MF .deps/ipsec_strerror.Tpo -c -o ipsec_strerror.lo ipsec_s.c
libtool: compile:  cc -DHAVE_CONFIG_H -I. -I../.. -I../../src/racoon/missing -g -O2 -Wall -Werror -Wno-unused -MT ipsec_strerr r.lo -MD -MP -MF .deps/ipsec_strerror.Tpo -c ipsec_strerror.c -o_strerror.o
mv -f .deps/ipsec_strerror.Tpo .deps/ipsec_strerror.Plo
/bin/sh ../../libtool  --tag=CC    --mode=compile cc -DHAVEIG_H  -I. -I../..   -I../../src/racoon/missing   -g -O2  -Wall -Werror -Wno-unused -MT key_debug.lo -MD -MP -MF .deps/key_debug.Tpo -c -o key_debug.lo key_debug.c
libtool: compile:  cc -DHAVE_CONFIG_H -I. -I../.. -I../../src/racoon/missing -g -O2 -Wall -Werror -Wno-unused -MT key_debug.lo -MD -MP -MF .deps/key_debug.Tpo -c key_debug.c -o key_debug.o
mv -f .deps/kg.Tpo .deps/key_debug.Plo
/bin/sh ../../libtool  --tag=CC    --mode=compile cc -DHAVE_CONFIG_H  -I. -I../..   -I../../src/racoon/missing   -g -O2  -Wall -Werror -Wno-unused -MT pfklo -MD -MP -MF .deps/pfkey.Tpo -c -o pfkey.lo pfkey.c
libtool: compile:  cc -DHAVE_CONFIG_H -I. -I../.. -I../../src/racoon/missing -g -O2 -Wall -Werror -Wno-unused -MT pfkey.lo -MD -MP -MF .deps/pfkey.Tpo -c pfkey.c -o pfkey.o
mv -f .deps/pfkey.Tp/pfkey.Plo
/bin/sh ../../libtool  --tag=CC    --mode=compile cc CONFIG_H  -I. -I../..   -I../../src/racoon/missing   -g -O2  -Wall -Werror -Wno-unused -MT pfkey_dump.lo -MD -MP -MF .dekey_dump.Tpo -c -o pfkey_dump.lo pfkey_dump.c
libtool: compile:  -DHAVE_CONFIG_H -I. -I../.. -I../../src/racoon/missing -g -O2 -Wall -Werror -Wno-unused -MT pfkey_dump.lo -MD -MP -MF .ps/pfkey_dump.Tpo -c pfkey_dump.c -o pfkey_dump.o
mv -f .deps/pfkey_dump.Tpo .deps/pfkey_dump.Plo
/bin/sh ../../libtool  --tag=CC    --mode=compile cc -DHAVE_CONFIG_H  -I. -I../..   -I../../src/racoon/missing   -g -O2  -Wall -Werror -Wno-unused -Mlicy_parse.lo -MD -MP -MF .deps/policy_parse.Tpo -c -o policy_parse.lo policy_parse.c
libtool: compile:  cc -DHAVE_CONFIG_H -I. -I../.. -I../../src/racoon/missing -g -O2 -Wall -Werror -Wno-unused -MT policy_parse.lo -MD -MP -MF .deps/policy_parse.Tpo -c policy_parse.c -o policy_parse.o
mv -f .deps/policy_parseo .deps/policy_parse.Plo
/bin/sh ../../libtool  --tag=CC    --modle cc -DHAVE_CONFIG_H  -I. -I../..   -I../../src/racoon/missing   -g -O2  -Wall -Werror -Wno-unused -MT policy_token.lo -MD -MP -MF .deps/policy_token.Tpo -c -o policy_token.lo policy_token.c
libtool: compile:  cc -DHAVE_CONFIG_H -I. -I../.. -I../../src/racoon/missing -g -O2 -Wall -Werror -Wno-unused -MT policy_token.lo -MD -MP -MF .deps/policy_token.Tpo -c policy_too policy_token.o
mv -f .deps/policy_token.Tpo .deps/policy_token.Plo
/bin/sh ../../libtool  --tag=CC    --mode=link cc  -g -OWall -Werror -Wno-unused  -version-info 0:1:0  -o libipsec.la -rsr/local/lib ipsec_dump_policy.lo ipsec_get_policylen.lo  ipsec_strerror.lo key_debug.lo pfkey.lo pfkey_dump.lo  policy_parse.lo policy_token.lo -lfl -lcrypto
libtool: link: ar cru .libs/libipsec.a  ipsec_dump_policy.o ipsec_get_policylen.o ipsec_stror.o key_debug.o pfkey.o pfkey_dump.o policy_parse.o policy_token.o
libtool: link: ranlib .libs/libipsec.a
libtool: link: ( cd ".libs" && rm -f "libipsec.la" && ln -s "../libips" "libipsec.la" )
Making all in setkey
make  all-am
cc -DHAVE_CO-I. -I../..    -I../../src/racoon/missing -I../../src/libipsec -g -O2  -Wall -Werror -Wno-unused -MT setkey.o -MD -MP -MF .deps/setkey.Tpo -c -o setkey.o setkey.c
mv -f .deps/setkey.Tpo .deps/setkey.Po
cc -DHAVE_CONFIG_H -I. -I../..  ../src/racoon/missing -I../../src/libipsec -g -O2  -Wall -Werror -Wno-unused -MT parse.o -MD -MP -MF .deps/parse.Tpo -c -o o parse.c
mv -f .deps/parse.Tpo .deps/parse.Po
cc -DHAVE_CONFIG_H -I. -I../..    -I../../src/racoon/missing -I../../src/lpsec -g -O2  -Wall -Werror -Wno-unused -MT token.o -MD -MP -MF .deps/token.Tpo -c -o token.o token.c
mv -f .deps/token.Tpo eps/token.Po
/bin/sh ../../libtool  --tag=CC    --mode=link cc -I../../src/libipsec -g -O2  -Wall -Werror -Wno-unused  ../libipsec/libipsec.la  -o setkey setkey.o parse.o token.o -lfl -lcrypto
libtool: link: cc -I../../src/libipsec -g -O2 -error -Wno-unused -o setkey setkey.o parse.o token.o  ../libipsec/.libs/libipsec.a -lfl -lcrypto
Making all in racoon
make  all-am
/bin/sh ../../libtool  --tag=CC   --mode=compile cc -DHAVE_CONFIG_H -I. -I../.. -I./../libipsec  -I../../src/racoon/ssing -DNOUSE_PRIVSEP -D_GNU_SOURCE  -DSYSCONFDIR=\"/usr/local/e\"  -DADMINPORTDIR=\"/usr/local/var/racoon\" -g -O2  -Wall -Werror -Wno-unused -MT libracoon_la-kmpstat.lo -MD -MP -MF .deps/libra-kmpstat.Tpo -c -o libracoon_la-kmpstat.lo `test -f 'kmpstat.c' || echo './'`kmpstat.c
libtool: compile:  cc -DHAVE_CONFIG_H -I. -I../.. -I./../libipsec -I../../src/racoon/missing -DNOUSE_PRIVSEP -D_GNU_SOURCE -DSYSCONFDIR=\"/usr/local/etc\" -DADMINP\"/usr/local/var/racoon\" -g -O2 -Wall -Werror -Wno-unused -MT libracoon_la-kmpstat.lo -MD -MP -MF .deps/libracoon_la-kmpstat.T -c kmpstat.c -o libracoon_la-kmpstat.o
mv -f .deps/libracoon_lastat.Tpo .deps/libracoon_la-kmpstat.Plo
/bin/sh ../../libtool  --tag=CC   --mode=compile cc -DHAVE_CONFIG_H -I. -I../.. -I./../libipsec  -I../../src/racoon/missing -DNOUSE_PRIVSEP -D_GNU_SOURCE  -DSYSCONFDIR=\"/usr/local/etc\"  -DADMINPORTDIR=\"/usr/local/var/racoon\" -g -O2  -Wall -Werror -Wno-unused -MToon_la-vmbuf.lo -MD -MP -MF .deps/libracoon_la-vmbuf.Tpo -c -o li_la-vmbuf.lo `test -f 'vmbuf.c' || echo './'`vmbuf.c
libtool: co cc -DHAVE_CONFIG_H -I. -I../.. -I./../libipsec -I../../src/racon/missing -DNOUSE_PRIVSEP -D_GNU_SOURCE -DSYSCONFDIR=\"/usr/localetc\" -DADMINPORTDIR=\"/usr/local/var/racoon\" -g -O2 -Wall -Wero-unused -MT libracoon_la-vmbuf.lo -MD -MP -MF .deps/libracoon_laTpo -c vmbuf.c -o libracoon_la-vmbuf.o
mv -f .deps/libracoon_la-vmbuf.Tpo .deps/libracoon_la-vmbuf.Plo
/bin/sh ../../lib--tag=CC   --mode=compile cc -DHAVE_CONFIG_H -I. -I../.. -I./../libipsec  -I../../src/racoon/missing -DNOUSE_PRIVSEP -D_GNU_SOURC DSYSCONFDIR=\"/usr/local/etc\"  -DADMINPORTDIR=\"/usr/local/var/oon\" -g -O2  -Wall -Werror -Wno-unused -MT libracoon_la-sockmisc.lo -MD -MP -MF .deps/libracoon_la-sockmisc.Tpo -c -o ln_la-sockmisc.lo `test -f 'sockmisc.c' || echo './'`sockmisc.c
licompile:  cc -DHAVE_CONFIG_H -I. -I../.. -I./../libipsec -I../..coon/missing -DNOUSE_PRIVSEP -D_GNU_SOURCE -DSYSCONFDIR=\"/usr/lc\" -DADMINPORTDIR=\"/usr/local/var/racoon\" -g -O2 -Wall -Werror -Wno-unused -MT libracoon_la-sockmisc.lo -MD -MP -MF .deps/libracoon_la-sockmisc.Tpo -c sockmisc.c -o libracoon_la-sockmisc.o
deps/libracoon_la-sockmisc.Tpo .deps/libracoon_la-sockmisc.Plo
/../../libtool  --tag=CC   --mode=compile cc -DHAVE_CONFIG_H -I. -I../.. -I./../libipsec  -I../../src/racoon/missing -DNOUSE_PRIVSEP -D_GNU_SOURCE  -DSYSCONFDIR=\"/usr/local/etc\"  -DATDIR=\"/usr/local/var/racoon\" -g -O2  -Wall -Werror -Wno-unused  libracoon_la-misc.lo -MD -MP -MF .deps/libracoon_la-misc.Tpo -c -o libracoon_la-misc.lo `test -f 'misc.c' || echo './'`misc.c
libtool: compile:  cc -DHAVE_CONFIG_H -I. -I../.. -I./../libipsec -I../../src/racoon/missing -DNOUSE_PRIVSEP -D_GNU_SOURCE -DSYSCONFDIR=\"/usr/local/etc\" -DADMINPORTDIR=\"/usr/ll/var/racoon\" -g -O2 -Wall -Werror -Wno-unused -MT libracoon_la-misc.lo -MD -MP -MF .deps/libracoon_la-misc.Tpo -c misc.c -o libracoon_la-misc.o
mv -f .deps/libracoon_la-misc.Tpo .deps/libracoon_la-misc.Plo
/bin/sh ../../libtool  --tag=CC    --modec -DNOUSE_PRIVSEP -D_GNU_SOURCE  -DSYSCONFDIR=\"/usr/local/etc\"  -DADMINPORTDIR=\"/usr/local/var/racoon\"  -g -O2  -Wall -Werror -Wno-unused -lcrypto  -o libracoon.la -rpath /usr/local/lib libracoon_la-kmpstat.lo  libracoon_la-vmbuf.lo liboon_la-sockmisc.lo  libracoon_la-misc.lo  -lcrypto
libtool: link: ar cru .libs/libracoon.a  libracoon_la-kmpstat.o libracooa-vmbuf.o libracoon_la-sockmisc.o libracoon_la-misc.o
libtool: link: ranlib .libs/libracoon.a
libtool: link: ( cd ".libs" && rm -f "libracoon.la" && ln -s "../libracoon.la" "librac )
cc -DHAVE_CONFIG_H -I. -I../.. -I./../libipsec   -I../../src/racoon/missing -D_GNU_SOURCE  -DSYSCONFDIR=\"/usr/local/etc\"  -ORTDIR=\"/usr/local/var/racoon\" -g -O2  -Wall -Werror -Wno-unused -MT eaytest.o -MD -MP -MF .deps/eaytest.Tpo -c -o eaytest.o eaytest.c
eaytest.c:316:6: error: comparison of array 'dnstr_w1' not equal to a null pointer is always true [-Werror,-Wgical-pointer-compare]
        if (dnstr_w1 != NULL) {
         ~~~~    ~~~~
eaytest.c:326:6: error: comparison of array 'dnstr_wt equal to a null pointer is always true [-Werror,-Wtautological-pointer-compare]
        if (dnstr_w1 != NULL) {
            ^~~~~~~~    ~~~~
2 errors generated.
*** Error code 1

Stop.
make[4]: stopped in /root/ipsec-tools-0.8.2/src/racoon
*** Error code 1

Stop.
make[3]: stopped in /root/ipsec-tools-0.8.2/src/racoon
*** Error code 1

Stop.
make[2]: stopped in /root/ipss-0.8.2/src
*** Error code 1

Stop.
make[1]: stopped in /root/ipsec-tools-0.8.2
*** Error code 1

Stop.
make: stopped in /root/iols-0.8.2
```


----------



## thein (Nov 17, 2016)

make error get different on FreeBSD 10.2.
So anybody Which FreeBSD version and Which IPsec-tools? can compile smooth.

Which one can link with FreeBSD of setkey to IKE software?


----------



## kpa (Nov 17, 2016)

Your error is trying to use the upstream source directly without the FreeBSD patches. The port security/ipsec-tools is there for a good reason, it contains all the work that someone else has already done to make the Ipsec-tools to compile and work properly on FreeBSD. Use it.


----------



## nickbeee (Nov 21, 2016)

I've just updated my ports tree and compiled, no problems there. OP may also want to consider if they have a kernel built with IPSEC.


----------



## thein (Nov 22, 2016)

Thank,
I download ipsec-tools-0.8.2.tar.bz2 from sourceforget then past this directory /usr/ports/distfiles/ then went to /usr/ports/security/ipsec-tools/ use by make, after make in this directory /usr/ports/security/ipsec-tools/work/ipsec-tools-0.8.0.2/section/

All is ok.


----------

