Date: Tue, 4 Mar 2008 07:49:02 -0700 From: "Cyrus Rahman" <crahman@gmail.com> To: freebsd-net@freebsd.org Subject: ipv6 + ah + esp Message-ID: <9e77bdb50803040649u1876d8d4l9f2b7a4cef5c4b5@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Is there a known problem running ah+esp on ip6? I can set up an
association and run ah+esp just fine on ip4,
and ah or esp work well by themselves in ip6, but I've had no luck
with combining them on ip6.
I know that ipcomp is documented to be broken but I haven't seen
anything about this problem. This is on 7.0-RELEASE.
For example this:
spdadd hostA hostB any -P out ipsec
esp/transport//require ah/transport//require;
spdadd hostB hostA any -P in ipsec
esp/transport//require ah/transport//require;
results in no exchange but the following messages in syslog:
snowfall kernel: ip6_output (ipsec): error code 22
Taking either ah or esp out of the policy works just fine.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9e77bdb50803040649u1876d8d4l9f2b7a4cef5c4b5>