Date: Tue, 02 Dec 2008 10:22:56 +0800 From: wang_jiabo <jiabwang@redhat.com> To: freebsd-net@freebsd.org Subject: [ipsec] why did not freebsd6.3 support icmp6 echo request on tunnel mode ? it is ok on transport mode. Message-ID: <49349C00.5080902@redhat.com>
next in thread | raw e-mail | index | archive | help
Hello, all: the following configuration is my setkey info. when I run " setkey -f filename", system report "the result of line 4 :Invalid argument. the result of line 6 : Invalid argument." change "icmp6 128,0" to "icmp6 or any" , that is no problem . or change "tunnel" to "transport" , that is no problem. I do not know why , but the following configuration is no problem on RHEL5.2 that FreeBSD6.3 need patch ? could you give me explain Thank you very much flush; spdflush; add 3ffe:501:ffff:103:20a:ebff:fe85:9e56 3ffe:501:ffff:104:21d:fff:fe19:59fc esp 0x2000 -m tunnel -E 3des-cbc "ipv6readylogo3des1to2req" -A hmac-sha1 “ipv6readysha11to2req”; spdadd 3ffe:501:ffff:103:20a:ebff:fe85:9e56 3ffe:501:ffff:104:21d:fff:fe19:59fc icmp6 128,0 -P in ipsec esp/tunnel/3ffe:501:ffff:103:20a:ebff:fe85:9e56-3ffe:501:ffff:104:21d:fff:fe19:59fc/require; add 3ffe:501:ffff:104:21d:fff:fe19:59fc 3ffe:501:ffff:103:20a:ebff:fe85:9e56 esp 0x1000 -m tunnel -E 3des-cbc "ipv6readylogo3des2to1req" -A hmac-sha1 “ipv6readysha12to1req”; spdadd 3ffe:501:ffff:104:21d:fff:fe19:59fc 3ffe:501:ffff:103:20a:ebff:fe85:9e56 icmp6 128,0 -P out ipsec esp/tunnel/3ffe:501:ffff:104:21d:fff:fe19:59fc-3ffe:501:ffff:103:20a:ebff:fe85:9e56/require;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?49349C00.5080902>