From owner-freebsd-bugs@FreeBSD.ORG  Mon Apr 12 22:00:43 2004
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0DCB116A4CE
	for <freebsd-bugs@hub.freebsd.org>;
	Mon, 12 Apr 2004 22:00:43 -0700 (PDT)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0164F43D5F
	for <freebsd-bugs@hub.freebsd.org>;
	Mon, 12 Apr 2004 22:00:43 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	i3D50gbv070324	for <freebsd-bugs@freefall.freebsd.org>;
	Mon, 12 Apr 2004 22:00:42 -0700 (PDT)
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.12.10/8.12.10/Submit) id i3D50ghX070323;
	Mon, 12 Apr 2004 22:00:42 -0700 (PDT)
	(envelope-from gnats)
Date: Mon, 12 Apr 2004 22:00:42 -0700 (PDT)
Message-Id: <200404130500.i3D50ghX070323@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
Subject: Re: kern/65474: IPSEC filters outbound ISAKMP traffic  and IPSEC
 negotiation fails.
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Apr 2004 05:00:43 -0000

The following reply was made to PR kern/65474; it has been noted by GNATS.

From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To: Timothy Ham <tham@nth-order.com>
Cc: freebsd-gnats-submit@FreeBSD.org, freebsd-bugs@FreeBSD.org
Subject: Re: kern/65474: IPSEC filters outbound ISAKMP traffic  and IPSEC
 negotiation fails.
Date: Tue, 13 Apr 2004 04:49:36 +0000 (UTC)

 On Mon, 12 Apr 2004, Timothy Ham wrote:
 
 > >Number:         65474
 > >Category:       kern
 >
 > >Fix:
 > Un-safe workaround: instead of "require" policy, use "use".
 
 exclude IKE traffic from your policy before your other rules
 is a better workaround I think because you can still use /require for
 the other rules then.
 
 Please see the end of follwoing thread how to do the above
 and in which revisions your problem got fixed by Hajimu Umemoto.
 
 http://lists.freebsd.org/pipermail/freebsd-net/2004-March/003542.html
 
 -- 
 Greetings
 
 Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT
 56 69 73 69 74				http://www.zabbadoz.net/