
Re: 2.4.21 IPSEC problems



John Leach <john@johnleach.co.uk> wrote:
> 
> I haven't been able to get Linux to send any ESP packets at all yet.
> 
> add 192.168.0.145 192.168.0.143 esp 24501 -E 3des-cbc "123456789012123456789012";
> spdadd 192.168.0.145 192.168.0.143 any -P out ipsec esp/transport//require;
> 
> results in the following policy:
> 
> 192.168.0.145[any] 192.168.0.143[any] any
>        out none
>        created: Aug 28 13:25:03 2003  lastused:
>        lifetime: 0(s) validtime: 0(s)
>        spid=489 seq=0 pid=19023
>        refcnt=1
> 
> Why "out none" ?  I specified "-P out ipsec".
> If I specify "-P out discard" it works.
> 
> Any clue?  Am I doing something wrong or is something broken?

Your setkey command is probably incompatible with your kernel.

Try recompiling setkey from the upstream source.  If you use the
Debian source then you must make sure that the header files are
really coming from the kernel as opposed to the copy included in
the Debian package.
-- 
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
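
A check for the symptom discussed in this thread, as an added example that is not part of the original messages: it compares the policy type requested in each `spdadd` line with the type shown in the policy dump and reports any difference. The sample input is the `spdadd` line and the dump quoted above; the function names are this example's own, and it assumes bare-address selectors and the dump layout shown in the quoted message.

```python
import re

# Sample input copied from the quoted message in this thread.
REQUESTED = 'spdadd 192.168.0.145 192.168.0.143 any -P out ipsec esp/transport//require;'
DUMPED = """\
192.168.0.145[any] 192.168.0.143[any] any
       out none
       created: Aug 28 13:25:03 2003  lastused:
       lifetime: 0(s) validtime: 0(s)
       spid=489 seq=0 pid=19023
       refcnt=1
"""

# Assumption: selectors in the config are bare addresses, as in the thread.
SPDADD = re.compile(r'^\s*spdadd\s+(\S+)\s+(\S+)\s+(\S+)\s+-P\s+(in|out|fwd)\s+(\w+)')
SELECTOR = re.compile(r'^(\S+?)\[[^\]]*\]\s+(\S+?)\[[^\]]*\]\s+(\S+)\s*$')
ACTION = re.compile(r'^\s+(in|out|fwd)\s+(\w+)')

def parse_requested(conf):
    """Map (src, dst, proto, direction) -> policy type for each spdadd line."""
    hits = (SPDADD.match(line) for line in conf.splitlines())
    return {m.groups()[:4]: m.group(5) for m in hits if m}

def parse_dumped(dump):
    """Map (src, dst, proto, direction) -> policy type from the dump text."""
    found, selector = {}, None
    for line in dump.splitlines():
        m = SELECTOR.match(line)
        if m:
            selector = m.groups()   # unindented line: start of a new entry
            continue
        m = ACTION.match(line)
        if m and selector:
            found[selector + (m.group(1),)] = m.group(2)
            selector = None         # only the first indented line is the action
    return found

def mismatches(conf, dump):
    """Return (selector, requested, installed) where the two disagree."""
    found = parse_dumped(dump)
    return [(k, want, found.get(k)) for k, want in parse_requested(conf).items()
            if found.get(k) != want]

if __name__ == "__main__":
    for key, want, got in mismatches(REQUESTED, DUMPED):
        print(f"{key}: requested {want!r}, dump shows {got!r}")
```

An installed type of `None` in the result means the requested policy does not appear in the dump at all.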


