Re: 2.4.21 IPSEC problems
John Leach <john@johnleach.co.uk> wrote:
>
> I haven't been able to get Linux to send any ESP packets at all yet.
>
> add 192.168.0.145 192.168.0.143 esp 24501 -E 3des-cbc "123456789012123456789012";
> spdadd 192.168.0.145 192.168.0.143 any -P out ipsec esp/transport//require;
>
> results in the following policy:
>
> 192.168.0.145[any] 192.168.0.143[any] any
> out none
> created: Aug 28 13:25:03 2003 lastused:
> lifetime: 0(s) validtime: 0(s)
> spid=489 seq=0 pid=19023
> refcnt=1
>
> Why "out none" ? I specified "-P out ipsec".
> If I specify "-P out discard" it works.
>
> Any clue? Am I doing something wrong or is something broken?

Your setkey command is probably incompatible with your kernel.
Try recompiling setkey from the upstream source. If you use the
Debian source then you must make sure that the header files are
really coming from the kernel as opposed to the copy included in
the Debian package.
--
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email: Herbert Xu 许志壬 <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt