Date: Mon, 12 Apr 2004 22:00:42 -0700 (PDT) From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> To: freebsd-bugs@FreeBSD.org Subject: Re: kern/65474: IPSEC filters outbound ISAKMP traffic and IPSEC negotiation fails. Message-ID: <200404130500.i3D50ghX070323@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/65474; it has been noted by GNATS. From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> To: Timothy Ham <tham@nth-order.com> Cc: freebsd-gnats-submit@FreeBSD.org, freebsd-bugs@FreeBSD.org Subject: Re: kern/65474: IPSEC filters outbound ISAKMP traffic and IPSEC negotiation fails. Date: Tue, 13 Apr 2004 04:49:36 +0000 (UTC) On Mon, 12 Apr 2004, Timothy Ham wrote: > >Number: 65474 > >Category: kern > > >Fix: > Un-safe workaround: instead of "require" policy, use "use". exclude IKE traffic from your policy before your other rules is a better workaround I think because you can still use /require for the other rules then. Please see the end of follwoing thread how to do the above and in which revisions your problem got fixed by Hajimu Umemoto. http://lists.freebsd.org/pipermail/freebsd-net/2004-March/003542.html -- Greetings Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT 56 69 73 69 74 http://www.zabbadoz.net/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200404130500.i3D50ghX070323>