[Bug 213869] when setting an ipsec policy with spdadd src[port], outbound traffic from 2049/tcp is not encrypted
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Tue Jan 17 20:38:30 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213869
--- Comment #13 from Andrey V. Elsukov <ae at FreeBSD.org> ---
(In reply to Jason Mader from comment #12)
> There might still be a bug even after the patch. I'm using the patch on an
> NFSv4 server, and encountered a new NFSv4 mount that did not work. So I
> reverted to [any] on the source in the policy and got the mount to succeed.
>
> 19:23:21.702627 IP6 coconut > safe: ESP(spi=0xb04a3109,seq=0x7), length 76
> 19:23:21.702666 IP6 safe.nfsd > coconut.849: Flags [S.], seq 3009240135, ack
> 1156380226, win 65535, options [mss 1440,nop,wscale 9,sackOK,TS val
> 182932015 ecr 615648], length 0
At least I need the policies list at time when it doesn't work. Do you use some
IKEd?
It would be good if you try to reproduce this problem with projects/ipsec. You
can apply the patch to stable/11 with 'svn patch':
https://lists.freebsd.org/pipermail/freebsd-net/2017-January/046888.html
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-net
mailing list