Re: IPSec troubles

From: Bjoern A. Zeeb (bzeeb-lists_at_lists.zabbadoz.net)
Date: 03/30/04

  • Next message: Hajimu UMEMOTO: "Re: IPSec troubles"
    Date: Tue, 30 Mar 2004 13:15:34 +0000 (UTC)
    To: Hajimu UMEMOTO <ume@FreeBSD.org>
    
    

    On Tue, 30 Mar 2004, Hajimu UMEMOTO wrote:

    Hi,

    > >>>>> On Tue, 30 Mar 2004 12:33:08 +0000 (UTC)
    > >>>>> "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> said:
    >
    > bzeeb> What I had to do had been "excluding IKE traffic" by doing s.th.
    > bzeeb> like this (router side config):
    > bzeeb> spdadd ROUTER[500] NOTEBOOK[500] udp
    > bzeeb> -P out none ;
    > bzeeb> spdadd NOTEBOOK[500] ROUTER[500] udp
    > bzeeb> -P in none ;
    > bzeeb> This for sure is not the most nifty way to do it, but it works.
    >
    > The per-socket security policy is broken under 5.2.1-RELEASE, and it
    > was fixed in 5-CURRENT. Racoon uses it to exclude IKE packets from
    > being a target of IPsec. So, bzeeb's way should work as a workaround.

    Just for the archives (and to let me sleep well again ;-) can you
    please point me to the commit in question?

    Thanks.

    -- 
    Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT
    56 69 73 69 74				http://www.zabbadoz.net/
    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
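
A small lint for the workaround discussed in this message, added here as an example and not part of the original post or of any FreeBSD tool: it parses setkey `spdadd` statements and reports host pairs whose `ipsec` policy would also match UDP port 500 without an explicit `none` policy for IKE. The addresses and the transport-mode policy lines in the sample are constructed, and the function names are hypothetical.

```python
import re

# One setkey(8) "spdadd" statement: src[port] dst[port] upperspec -P dir policy.
# \s+ also matches newlines, so statements split over two lines are handled.
SPDADD = re.compile(
    r"spdadd\s+([^\s\[]+)(?:\[(\w+)\])?\s+([^\s\[]+)(?:\[(\w+)\])?\s+(\S+)"
    r"\s+-P\s+(in|out)\s+(\w+)")

# Constructed sample: IKE is excluded outbound, but the inbound rule is missing.
SAMPLE = """
# router side (constructed addresses)
spdadd 192.0.2.1[500] 192.0.2.2[500] udp
	-P out none ;
spdadd 192.0.2.1 192.0.2.2 any -P out ipsec esp/transport//require ;
spdadd 192.0.2.2 192.0.2.1 any -P in ipsec esp/transport//require ;
"""

def parse_policies(conf):
    """Return (src, sport, dst, dport, proto, direction, action) tuples."""
    conf = re.sub(r"#.*", "", conf)  # drop comments before matching
    return [m.groups() for m in SPDADD.finditer(conf)]

def missing_ike_bypass(conf):
    """List (src, dst, direction) where an ipsec policy would also match
    UDP/500 and no 'none' policy for port 500 exists in that direction."""
    policies = parse_policies(conf)
    bypass = {(s, d, direction)
              for s, sp, d, dp, proto, direction, action in policies
              if action == "none" and proto == "udp" and sp == dp == "500"}
    missing = []
    for s, sp, d, dp, proto, direction, action in policies:
        # A policy with no port restriction on any/udp also covers IKE.
        covers_ike = (proto in ("any", "udp")
                      and sp in (None, "any") and dp in (None, "any"))
        if action == "ipsec" and covers_ike and (s, d, direction) not in bypass:
            missing.append((s, d, direction))
    return missing

if __name__ == "__main__":
    for src, dst, direction in missing_ike_bypass(SAMPLE):
        print(f"no IKE bypass for {src} -> {dst} ({direction})")
```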
    
