IPSec troubles
Hajimu UMEMOTO
ume at FreeBSD.org
Tue Mar 30 05:02:42 PST 2004
Hi,
>>>>> On Tue, 30 Mar 2004 12:33:08 +0000 (UTC)
>>>>> "Bjoern A. Zeeb" <bzeeb-lists at lists.zabbadoz.net> said:
bzeeb> What I had to do had been "excluding IKE traffic" by doing s.th.
bzeeb> like this (router side config):
bzeeb> spdadd ROUTER[500] NOTEBOOK[500] udp
bzeeb> -P out none ;
bzeeb> spdadd NOTEBOOK[500] ROUTER[500] udp
bzeeb> -P in none ;
bzeeb> This for sure is not the most nifty way to do but it works.
The per-socket security policy is broken under 5.2.1-RELEASE, and it
was fixed in 5-CURRENT. Racoon uses it to exclude IKE packets from
the target of IPsec. So, bzeeb's way should work as a workaround.
Sincerely,
--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume at mahoroba.org ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/
More information about the freebsd-net
mailing list