Date: Mon, 29 Oct 2001 11:06:16 +0200 (SAST)
From: Justin Stanford <jus@security.za.net>
To: Shoichi Sakane <sakane@kame.net>
Cc: freebsd-security@freebsd.org
Subject: Re: Upgrade to 4.4-STABLE introduces IPSec problems..?
Message-ID: <Pine.BSF.4.21.0110291103410.17108-100000@athena.za.net>
In-Reply-To: <20011029175748V.sakane@kame.net>

Here's my configuration.. Workstation is athena and server is fyre.

[root@athena] ~# cat /usr/local/etc/ipsec.conf
flush;
spdflush;
add 196.30.167.130 196.30.167.200 esp 9991 -m transport -E blowfish-cbc "keyword erased";
add 196.30.167.200 196.30.167.130 esp 9992 -m transport -E blowfish-cbc "keyword erased";
spdadd 196.30.167.130 196.30.167.200 any -P out ipsec esp/transport/196.30.167.130-196.30.167.200/require;
spdadd 196.30.167.200 196.30.167.130 any -P out ipsec esp/transport/196.30.167.200-196.30.167.130/require;

[root@fyre]~# cat /usr/local/etc/ipsec.conf
flush;
spdflush;
add 196.30.167.130 196.30.167.200 esp 9991 -m transport -E blowfish-cbc "keyword erased";
add 196.30.167.200 196.30.167.130 esp 9992 -m transport -E blowfish-cbc "keyword erased";
spdadd 196.30.167.130 196.30.167.200 any -P out ipsec esp/transport/196.30.167.130-196.30.167.200/use;
spdadd 196.30.167.200 196.30.167.130 any -P out ipsec esp/transport/196.30.167.200-196.30.167.130/use;

/j

--
Justin Stanford
Internet/Network Security & Solutions Consultant
4D Digital Security
http://www.4dds.co.za
Cell: (082) 7402741
E-Mail: jus@security.za.net
PGP Key: http://www.security.za.net/jus-pgp-key.txt

On Mon, 29 Oct 2001, Shoichi Sakane wrote:

> > Recently I upgraded my workstation from 4.2-STABLE to 4.4-STABLE. I left
> > my ipsec.conf's as they were, expecting all would continue as before.. but
> > I seem to have hit a snag. Ever since the upgrade, I have either been
> > unable to transfer data in sizeable quantities (more than a few KB) or at
> > all between my server or my workstation either direction, whether by ftp,
> > scp, http, etc.. upon flushing all IPSec rules, however, things return to
> > normal.
>
> did you configure that there was no inbound security policy both side ?
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0110291103410.17108-100000>
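
The reply quoted in the message asks whether inbound security policies are configured on both sides. As an added example (not part of the original message and not a FreeBSD tool), this Python script parses setkey-style spdadd statements and lists every "-P out" policy that has no mirrored "-P in" entry. The function names are hypothetical, and the embedded sample is constructed from the athena configuration posted above.

```python
import re

# Constructed sample: the athena ipsec.conf as posted in the message.
POSTED_CONF = """\
flush;
spdflush;
add 196.30.167.130 196.30.167.200 esp 9991 -m transport -E blowfish-cbc "keyword erased";
add 196.30.167.200 196.30.167.130 esp 9992 -m transport -E blowfish-cbc "keyword erased";
spdadd 196.30.167.130 196.30.167.200 any -P out ipsec esp/transport/196.30.167.130-196.30.167.200/require;
spdadd 196.30.167.200 196.30.167.130 any -P out ipsec esp/transport/196.30.167.200-196.30.167.130/require;
"""

# spdadd <src> <dst> <upperspec> -P <in|out> <policy> [<request>];
SPDADD = re.compile(
    r"\bspdadd\s+(\S+)\s+(\S+)\s+(\S+)\s+-P\s+(in|out)\s+(\w+)\s*([^;]*);"
)


def parse_policies(conf):
    """Return (src, dst, upperspec, direction, policy, request) per spdadd."""
    text = re.sub(r"#.*", "", conf)  # drop '#' comments before matching
    return [
        tuple(field.strip() for field in m.groups())
        for m in SPDADD.finditer(text)
    ]


def unmatched_outbound(policies):
    """List (src, dst, upperspec) of 'out' policies with no mirrored 'in'.

    The mirror of an outbound policy src -> dst is an inbound policy
    dst -> src for the same upper-layer protocol.
    """
    inbound = {(s, d, u) for s, d, u, direction, *_ in policies
               if direction == "in"}
    return [(s, d, u) for s, d, u, direction, *_ in policies
            if direction == "out" and (d, s, u) not in inbound]


if __name__ == "__main__":
    policies = parse_policies(POSTED_CONF)
    for src, dst, upper, direction, policy, request in policies:
        print(f"{direction:>3}  {src} -> {dst}  [{upper}]  {policy} {request}")
    for src, dst, upper in unmatched_outbound(policies):
        print(f"no inbound policy mirrors: out {src} -> {dst} [{upper}]")
```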