Hi Herbert,

I built against the Debian 2.4.21 kernel sources and this worked a
treat. Thanks very much for the help (sorry for the long response
delay).

For anyone else with the same problem, I modified and rebuilt the
ipsec-tools Debian package and put it online. I only have a powerpc
build on there at the moment, but the source stuff is there so you can
rebuild.

http://www.johnleach.co.uk/downloads/ipsec-tools/

Or alternatively just grab the ipsec tools and drop the include/linux
and include/net directories in the ipsec-tools-0.2.2/kernel dir.

Is this a bug in the Debian package? or does a separate package need to
be created? Shall I contact the package maintainer? (Wichert Akkerman)

John.

On Fri, 2003-08-29 at 13:49, Herbert Xu wrote:
> John Leach <john@johnleach.co.uk> wrote:
> >
> > I haven't been able to get Linux to send any ESP packets at all yet.
> >
> > add 192.168.0.145 192.168.0.143 esp 24501 -E 3des-cbc "123456789012123456789012";
> > spdadd 192.168.0.145 192.168.0.143 any -P out ipsec esp/transport//require;
> >
> > results in the following policy:
> >
> > 192.168.0.145[any] 192.168.0.143[any] any
> >         out none
> >         created: Aug 28 13:25:03 2003 lastused:
> >         lifetime: 0(s) validtime: 0(s)
> >         spid=489 seq=0 pid=19023
> >         refcnt=1
> >
> > Why "out none" ? I specified "-P out ipsec".
> > If I specify "-P out discard" it works.
> >
> > Any clue? Am I doing something wrong or is something broken?
>
> Your setkey command is probably incompatible with your kernel.
>
> Try recompiling setkey from the upstream source. If you use the
> Debian source then you must make sure that the header files are
> really coming from the kernel as opposed to the copy included in
> the Debian package.

-- 
GPG KEY: B89C D450 5B2C 74D8 58FB A360 9B06 B5C2 26F0 3047
HTTP: http://www.johnleach.co.uk
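A check for the symptom discussed in this thread, added here as an example and not part of the original messages: it compares the policy type requested by each `spdadd` line with what the SPD dump reports, so a requested `ipsec` policy that was installed as `none` is flagged instead of silently leaving traffic unprotected. The function names and the inline samples (constructed from the config and dump quoted above) are assumptions, and the parser handles only the dump layout shown in the thread.

```python
import re

# Constructed samples, modelled on the setkey input and policy dump quoted in the thread.
SETKEY_CONF = """
spdadd 192.168.0.145 192.168.0.143 any -P out ipsec esp/transport//require;
"""
SPD_DUMP = """
192.168.0.145[any] 192.168.0.143[any] any
        out none
        created: Aug 28 13:25:03 2003 lastused:
        lifetime: 0(s) validtime: 0(s)
        spid=489 seq=0 pid=19023
        refcnt=1
"""

# spdadd <src> <dst> <proto> -P <direction> <policy type> ...
SPDADD = re.compile(
    r"^\s*spdadd\s+(\S+)\s+(\S+)\s+(\S+)\s+-P\s+(in|out|fwd)\s+(\w+)", re.M)
# Dump entry header: "<src>[port] <dst>[port] <proto>", starting in column 0.
DUMP_HEAD = re.compile(r"^(\S+?)\[[^\]]*\]\s+(\S+?)\[[^\]]*\]\s+(\S+)\s*$")
# Indented "<direction> <policy type>" line that follows the header.
DUMP_POLICY = re.compile(r"^\s+(in|out|fwd)\s+(\w+)")

def requested_policies(conf):
    """Map (src, dst, proto, direction) -> policy type asked for in the config."""
    return {(s, d, p, direction): pol
            for s, d, p, direction, pol in SPDADD.findall(conf)}

def installed_policies(dump):
    """Map (src, dst, proto, direction) -> policy type reported in the dump."""
    found, head = {}, None
    for line in dump.splitlines():
        m = DUMP_HEAD.match(line)
        if m:
            head = m.groups()
            continue
        m = DUMP_POLICY.match(line)
        if m and head:
            found[head + (m.group(1),)] = m.group(2)
            head = None
    return found

def mismatches(conf, dump):
    """Return (selector, wanted, got) for every policy installed differently than requested."""
    installed = installed_policies(dump)
    return [(key, want, installed.get(key, "missing"))
            for key, want in requested_policies(conf).items()
            if installed.get(key, "missing") != want]
```

On a live host the dump text would come from `setkey -DP`; any non-empty result means the kernel holds a different policy than the one configured.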