Date: Sun, 20 Apr 2003 18:27:44 -0500 From: "Jacques A. Vidrine" <nectar@FreeBSD.org> To: cjclark@alum.mit.edu Cc: freebsd-hackers@FreeBSD.org Subject: Re: Single IP host and IPsec tunnel mode experience Message-ID: <20030420232744.GB41554@madman.celabo.org> In-Reply-To: <20030420205901.GA99917@blossom.cjclark.org> References: <20030410161511.GA25681@madman.celabo.org> <20030416052335.GA2519@blossom.cjclark.org> <20030416123621.GC72501@madman.celabo.org> <20030420165538.GA31101@madman.celabo.org> <20030420205901.GA99917@blossom.cjclark.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Apr 20, 2003 at 01:59:01PM -0700, Crist J. Clark wrote: > Yep, I can reproduce that. This setup, [...] > Works great with the apropriate swapping in the SPD on the other end > of the tunnel. However, do the following to both, > > bubbles# ed bubbles.spd > g/esp/s/esp/ah/ > g/-E/s/^/#/ > wq > bubbles# setkey -F; setkey -FP; setkey -f bubbles.spd > > And things do not work. The sender seems to work fine, but the > receiver increments the, > > "inbound packets violated process security policy" > > Counter. But the really puzzling part is that it increments the, > > "inbound packets processed successfully" (which I think I understand) > "inbound packets considered authentic" (which I do not) > > Counters too. > > Your conjecture that it may be somehow processing inbound packets > twice may be on the right track. Thanks for double-checking, Crist. Unfortunately I don't have the cycles right now to track it down. I hope anyone who encounters the same issue will come across this thread in the archives. Cheers, -- Jacques A. Vidrine <nectar@celabo.org> http://www.celabo.org/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030420232744.GB41554>