Single IP host and IPsec tunnel mode experience
Jacques A. Vidrine
nectar at FreeBSD.org
Sun Apr 20 16:27:48 PDT 2003
On Sun, Apr 20, 2003 at 01:59:01PM -0700, Crist J. Clark wrote:
> Yep, I can reproduce that. This setup,
[...]
> Works great with the appropriate swapping in the SPD on the other end
> of the tunnel. However, do the following to both,
>
> bubbles# ed bubbles.spd
> g/esp/s/esp/ah/
> g/-E/s/^/#/
> wq
> bubbles# setkey -F; setkey -FP; setkey -f bubbles.spd
>
> And things do not work. The sender seems to work fine, but the
> receiver increments the,
>
> "inbound packets violated process security policy"
>
> Counter. But the really puzzling part is that it increments the,
>
> "inbound packets processed successfully" (which I think I understand)
> "inbound packets considered authentic" (which I do not)
>
> Counters too.
>
> Your conjecture that it may be somehow processing inbound packets
> twice may be on the right track.
Thanks for double-checking, Crist. Unfortunately I don't have the
cycles right now to track it down. I hope anyone who encounters the
same issue will come across this thread in the archives.
Cheers,
--
Jacques A. Vidrine <nectar at celabo.org> http://www.celabo.org/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine at verio.net . nectar at FreeBSD.org . nectar at kth.se