Date: Mon, 29 Oct 2001 11:06:16 +0200 (SAST)
From: Justin Stanford
To: Shoichi Sakane
Cc: freebsd-security@freebsd.org
Subject: Re: Upgrade to 4.4-STABLE introduces IPSec problems..?
In-Reply-To: <20011029175748V.sakane@kame.net>

Here's my configuration.. Workstation is athena and server is fyre.

[root@athena] ~# cat /usr/local/etc/ipsec.conf
flush;
spdflush;
add 196.30.167.130 196.30.167.200 esp 9991 -m transport -E blowfish-cbc "keyword erased";
add 196.30.167.200 196.30.167.130 esp 9992 -m transport -E blowfish-cbc "keyword erased";
spdadd 196.30.167.130 196.30.167.200 any -P out ipsec esp/transport/196.30.167.130-196.30.167.200/require;
spdadd 196.30.167.200 196.30.167.130 any -P out ipsec esp/transport/196.30.167.200-196.30.167.130/require;

[root@fyre]~# cat /usr/local/etc/ipsec.conf
flush;
spdflush;
add 196.30.167.130 196.30.167.200 esp 9991 -m transport -E blowfish-cbc "keyword erased";
add 196.30.167.200 196.30.167.130 esp 9992 -m transport -E blowfish-cbc "keyword erased";
spdadd 196.30.167.130 196.30.167.200 any -P out ipsec esp/transport/196.30.167.130-196.30.167.200/use;
spdadd 196.30.167.200 196.30.167.130 any -P out ipsec esp/transport/196.30.167.200-196.30.167.130/use;

/j

--
Justin Stanford
Internet/Network Security & Solutions Consultant
4D Digital Security
http://www.4dds.co.za
Cell: (082) 7402741
E-Mail: jus@security.za.net
PGP Key: http://www.security.za.net/jus-pgp-key.txt

On Mon, 29 Oct 2001, Shoichi Sakane wrote:

> > Recently I upgraded my workstation from 4.2-STABLE to 4.4-STABLE. I left
> > my ipsec.conf's as they were, expecting all would continue as before.. but
> > I seem to have hit a snag. Ever since the upgrade, I have either been
> > unable to transfer data in sizeable quantities (more than a few KB) or at
> > all between my server or my workstation either direction, whether by ftp,
> > scp, http, etc.. upon flushing all IPSec rules, however, things return to
> > normal.
>
> did you configure that there was no inbound security policy both sides?
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
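
The reply quoted above asks about inbound security policy. As an added example (not part of either message, and not code from FreeBSD or KAME), this Python check parses setkey `spdadd` lines and reports entries whose `-P` direction does not match the host's own address, and whether any `-P in` policy exists at all. The function name `audit_spd`, passing the local address as an argument, and selectors being plain host addresses as in the post are assumptions.

```python
import re

# Matches: spdadd SRC DST UPPER -P DIR ipsec PROTO/MODE/[SRC-DST]/LEVEL;
SPD_RE = re.compile(
    r"spdadd\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<upper>\S+)\s+"
    r"-P\s+(?P<dir>in|out)\s+ipsec\s+"
    r"(?P<proto>\w+)/(?P<mode>\w+)/(?P<ends>[^/]*)/(?P<level>\w+)\s*;"
)

def audit_spd(conf_text, local_addr):
    """Return (policies, findings) for the setkey config of host local_addr."""
    policies, findings = [], []
    for m in SPD_RE.finditer(conf_text):
        p = m.groupdict()
        policies.append(p)
        # Direction implied by the selector, as seen from this host.
        if p["src"] == local_addr:
            implied = "out"
        elif p["dst"] == local_addr:
            implied = "in"
        else:
            implied = None  # selector does not name this host; not judged
        if implied and implied != p["dir"]:
            findings.append(
                f"{p['src']} -> {p['dst']}: selector is {implied}bound for "
                f"{local_addr} but policy says -P {p['dir']}")
    if not any(p["dir"] == "in" for p in policies):
        findings.append("no inbound (-P in) policy defined")
    return policies, findings

# Constructed sample: the two spdadd statements posted for athena
# (196.30.167.200), wrapped over two lines each for readability.
ATHENA_CONF = """
spdadd 196.30.167.130 196.30.167.200 any -P out ipsec
    esp/transport/196.30.167.130-196.30.167.200/require;
spdadd 196.30.167.200 196.30.167.130 any -P out ipsec
    esp/transport/196.30.167.200-196.30.167.130/require;
"""

if __name__ == "__main__":
    _, findings = audit_spd(ATHENA_CONF, "196.30.167.200")
    for f in findings:
        print("WARN:", f)
```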