Date:      Tue, 30 Mar 2004 13:15:34 +0000 (UTC)
From:      "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To:        Hajimu UMEMOTO <ume@FreeBSD.org>
Cc:        Cyrill Rüttimann <ruettimac@mac.com>
Subject:   Re: IPSec troubles
Message-ID:  <Pine.BSF.4.53.0403301313420.714@e0-0.zab2.int.zabbadoz.net>
In-Reply-To: <yge8yhipjw4.wl%ume@FreeBSD.org>
References:  <257C203C-8104-11D8-9902-00039303AB38@mac.com> <Pine.BSF.4.53.0403301115370.714@e0-0.zab2.int.zabbadoz.net> <87BC9FE1-8241-11D8-9782-00039303AB38@mac.com> <Pine.BSF.4.53.0403301225030.714@e0-0.zab2.int.zabbadoz.net> <yge8yhipjw4.wl%ume@FreeBSD.org>

On Tue, 30 Mar 2004, Hajimu UMEMOTO wrote:

Hi,

> >>>>> On Tue, 30 Mar 2004 12:33:08 +0000 (UTC)
> >>>>> "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> said:
>
> bzeeb> What I had to do had been "excluding IKE traffic" by doing s.th.
> bzeeb>  like this (router side config):
> bzeeb> spdadd  ROUTER[500] NOTEBOOK[500] udp
> bzeeb>         -P out none ;
> bzeeb> spdadd  NOTEBOOK[500] ROUTER[500] udp
> bzeeb>         -P in none ;
> bzeeb> This for sure is not the most nifty way to do but it works.
>
> The per socket security policy is broken under 5.2.1-RELEASE, and it
> was fixed in 5-CURRENT.  Racoon uses it to exclude IKE packets from
> target of IPsec.  So, the bzeeb's way should work for workaround.

just for the archives (and to let me sleep well again ;-) can you
please point me to the commit in question ?

Thanks.

-- 
Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT
56 69 73 69 74				http://www.zabbadoz.net/
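
The workaround quoted above, placed in a complete router-side setkey(8) policy file. This is an added example and not part of the original message: the addresses are documentation placeholders standing in for ROUTER and NOTEBOOK, and the ESP transport policy is an assumed stand-in for whatever policy the hosts actually protect their traffic with.

```conf
# Constructed example: 192.0.2.1 = ROUTER, 192.0.2.2 = NOTEBOOK (placeholders).
flush ;
spdflush ;

# Bypass for IKE (UDP port 500), both directions, as in the quoted workaround.
# Without these entries the broad policy below also matches racoon's own
# packets, so the key exchange would need SAs that it has not negotiated yet.
# They are added first so the narrower match is not shadowed by the broader one.
spdadd 192.0.2.1[500] 192.0.2.2[500] udp
        -P out none ;
spdadd 192.0.2.2[500] 192.0.2.1[500] udp
        -P in none ;

# Assumed protection policy: everything else between the two hosts needs ESP.
spdadd 192.0.2.1 192.0.2.2 any
        -P out ipsec esp/transport//require ;
spdadd 192.0.2.2 192.0.2.1 any
        -P in ipsec esp/transport//require ;
```

After loading the file with `setkey -f`, `setkey -DP` lists the installed policies, so the two `none` entries for port 500 can be checked alongside the ESP entries.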


