[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: 2.4.21 IPSEC problems

John Leach <john@johnleach.co.uk> wrote:
> I haven't been able to get Linux to send any ESP packets at all yet.
> add esp 24501 -E 3des-cbc "123456789012123456789012";
> spdadd any -P out ipsec esp/transport//require;
> results in the following policy:
>[any][any] any
>        out none
>        created: Aug 28 13:25:03 2003  lastused:
>        lifetime: 0(s) validtime: 0(s)
>        spid=489 seq=0 pid=19023
>        refcnt=1
> Why "out none" ?  I specified "-P out ipsec".
> If I specify "-P out discard" it works.
> Any clue?  Am I doing something wrong or is something broken?

Your setkey command is probably incompatible with your kernel.

Try recompiling setkey from the upstream source.  If you use the
Debian source then you must make sure that the header files are
really coming from the kernel as opposed to the copy included in
the Debian package.
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Reply to: