[Bug 213869] when setting an ipsec policy with spdadd src[port], outbound traffic from 2049/tcp is not encrypted
bugzilla-noreply at freebsd.org
Sun Jan 8 03:51:28 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213869
--- Comment #9 from Jason Mader <jasonmader at gmail.com> ---
Comment on attachment 178602
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=178602
Proposed patch (untested)
This worked for me.
root@safety:/usr/src/sys/netipsec # patch < ~/ipsec.c.diff
Hmm... Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|Index: sys/netipsec/ipsec.c
|===================================================================
|--- sys/netipsec/ipsec.c (revision 311647)
|+++ sys/netipsec/ipsec.c (working copy)
--------------------------
Patching file ipsec.c using Plan A...
Hunk #1 succeeded at 241.
Hunk #2 succeeded at 344 (offset 1 line).
Hunk #3 succeeded at 501 (offset 1 line).
Hunk #4 succeeded at 511 (offset 1 line).
done
root@safety:~ # setkey -DP
fe80::%em0/64[any] fe80::a00:27ff:fefc:de09%em0[2049] tcp
        in ipsec
        esp/transport//require
        spid=1 seq=1 pid=806
        refcnt=1
fe80::a00:27ff:fefc:de09%em0[2049] fe80::%em0/64[any] tcp
        out ipsec
        esp/transport//require
        spid=2 seq=0 pid=806
        refcnt=1
I was able to NFSv4 mount a filesystem, and tcpdump is showing me that
everything is ESP.
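
Added example, not part of the original comment or the FreeBSD source: a Python check that reads the policy lines of a `setkey -DP` dump and flags any plain TCP packet in `tcpdump -n` text output that a `require` policy should have covered, which is the symptom this bug describes. The capture lines and the peer address fe80::a00:27ff:fe11:2233 are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
HDR = re.compile(r"^(\S+?)\[(\w+)\]\s+(\S+?)\[(\w+)\]\s+(\w+)$")  # SPD selector line
TCP = re.compile(r"IP6? (\S+)\.(\d+) > (\S+)\.(\d+): Flags")     # un-encapsulated TCP

def _net(sel):  # drop the %zone suffix; no /len means a single host
    addr, _, plen = sel.partition("/")
    return ipaddress.ip_network(addr.split("%")[0] + ("/" + plen if plen else ""), strict=False)

def parse_spd(text):
    """Parse `setkey -DP` text into a list of policy dicts."""
    policies = []
    for line in (l.strip() for l in text.splitlines()):
        m = HDR.match(line)
        if m:
            policies.append({"src": _net(m[1]), "sport": m[2], "dst": _net(m[3]),
                             "dport": m[4], "proto": m[5], "dir": None, "rule": None})
        elif policies and line in ("in ipsec", "out ipsec"):
            policies[-1]["dir"] = line.split()[0]
        elif policies and re.match(r"(esp|ah)/", line):
            policies[-1]["rule"] = line
    return policies

def _hit(p, src, sport, dst, dport):
    return (p["proto"] in ("any", "tcp")
            and ipaddress.ip_address(src) in p["src"] and p["sport"] in ("any", sport)
            and ipaddress.ip_address(dst) in p["dst"] and p["dport"] in ("any", dport))

def cleartext_violations(spd_text, tcpdump_lines):
    """Return tcpdump lines showing plain TCP that a 'require' policy covers."""
    required = [p for p in parse_spd(spd_text) if (p["rule"] or "").endswith("/require")]
    return [ln for ln in tcpdump_lines
            if (m := TCP.search(ln)) and any(_hit(p, *m.groups()) for p in required)]

SPD = """\
fe80::%em0/64[any] fe80::a00:27ff:fefc:de09%em0[2049] tcp
in ipsec
esp/transport//require
fe80::a00:27ff:fefc:de09%em0[2049] fe80::%em0/64[any] tcp
out ipsec
esp/transport//require
"""  # selector, direction and rule lines from the dump above
CAPTURE = [  # constructed tcpdump -n lines: ESP, leaked reply from 2049, unrelated port
    "03:40:01.000001 IP6 fe80::a00:27ff:fe11:2233 > fe80::a00:27ff:fefc:de09: ESP(spi=0x0000c001,seq=0x1), length 88",
    "03:40:01.000002 IP6 fe80::a00:27ff:fefc:de09.2049 > fe80::a00:27ff:fe11:2233.812: Flags [S.], seq 1, ack 1, win 65535, length 0",
    "03:40:01.000003 IP6 fe80::a00:27ff:fe11:2233.50000 > fe80::a00:27ff:fefc:de09.22: Flags [S], seq 1, win 65535, length 0",
]
print(cleartext_violations(SPD, CAPTURE))
```

An empty result over a capture of real NFS traffic corresponds to the "everything is ESP" observation above.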