Date: Tue, 30 Mar 2004 22:03:07 +0900 From: Hajimu UMEMOTO <ume@FreeBSD.org> To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> Cc: Cyrill =?ISO-8859-1?Q?R=FCttimann?= <ruettimac@mac.com> Subject: Re: IPSec troubles Message-ID: <yge8yhipjw4.wl%ume@FreeBSD.org> In-Reply-To: <Pine.BSF.4.53.0403301225030.714@e0-0.zab2.int.zabbadoz.net> References: <257C203C-8104-11D8-9902-00039303AB38@mac.com> <Pine.BSF.4.53.0403301115370.714@e0-0.zab2.int.zabbadoz.net> <87BC9FE1-8241-11D8-9782-00039303AB38@mac.com> <Pine.BSF.4.53.0403301225030.714@e0-0.zab2.int.zabbadoz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, >>>>> On Tue, 30 Mar 2004 12:33:08 +0000 (UTC) >>>>> "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> said: bzeeb> What I had to do had been "excluding IKE traffic" by doing s.th. bzeeb> like this (router side config): bzeeb> spdadd ROUTER[500] NOTEBOOK[500] udp bzeeb> -P out none ; bzeeb> spdadd NOTEBOOK[500] ROUTER[500] udp bzeeb> -P in none ; bzeeb> This for sure is not the most nifty way to do but it works. The per socket security policy is broken under 5.2.1-RELEASE, and it was fixed in 5-CURRENT. Racoon uses it to exclude IKE packets from target of IPsec. So, the bzeeb's way should work for workaround. Sincerely, -- Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan ume@mahoroba.org ume@{,jp.}FreeBSD.org http://www.imasy.org/~ume/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?yge8yhipjw4.wl%ume>