Hi guys,
I've just started playing with the new 2.4.21 Debian kernel IPSEC stuff
and have quickly run into problems. I've been using FreeS/WAN for years
and understand VPNs pretty well, but the setkey stuff is new to me and I
expect I'm doing something wrong or expecting the wrong thing.
I've concentrated on setting things up manually before fiddling with
racoon.
I haven't been able to get Linux to send any ESP packets at all yet.

    add 192.168.0.145 192.168.0.143 esp 24501 -E 3des-cbc "123456789012123456789012";
    spdadd 192.168.0.145 192.168.0.143 any -P out ipsec esp/transport//require;

results in the following policy:

    192.168.0.145[any] 192.168.0.143[any] any
            out none
            created: Aug 28 13:25:03 2003 lastused:
            lifetime: 0(s) validtime: 0(s)
            spid=489 seq=0 pid=19023
            refcnt=1

Why "out none"? I specified "-P out ipsec".
If I specify "-P out discard" it works.
Any clue? Am I doing something wrong or is something broken?
John.
--
GPG KEY: B89C D450 5B2C 74D8 58FB A360 9B06 B5C2 26F0 3047
HTTP: http://www.johnleach.co.uk