[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

2.4.21 IPSEC problems

Hi guys,

I've just started playing with the new 2.4.21 Debian kernel IPSEC stuff
and have quickly ran into problems.  I've been using FreeS/WAN for years
and understand VPNs pretty well, but the setkey stuff is new to me and I
expect I'm doing something wrong or expecting the wrong thing.

I've concentrated on setting things up manually before fiddling with

I haven't been able to get Linux to send any ESP packets at all yet.

add esp 24501 -E 3des-cbc "123456789012123456789012";
spdadd any -P out ipsec esp/transport//require;

results in the following policy:[any][any] any
        out none
        created: Aug 28 13:25:03 2003  lastused:
        lifetime: 0(s) validtime: 0(s)
        spid=489 seq=0 pid=19023

Why "out none" ?  I specified "-P out ipsec".
If I specify "-P out discard" it works.

Any clue?  Am I doing something wrong or is something broken?


GPG KEY: B89C D450 5B2C 74D8 58FB A360 9B06 B5C2 26F0 3047
   HTTP: http://www.johnleach.co.uk

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: