Re: state of ipsec

From: Guido van Rooij <guido_at_gvr.org>
Date: Mon, 16 Feb 2004 13:52:32 +0100
On Sun, Feb 15, 2004 at 01:37:00AM +0000, Bruce M Simpson wrote:
> On Sun, Feb 15, 2004 at 12:54:26AM +0100, Tobias Roth wrote:
> > yes, setkey -D never outputs anything, no SAs get created at all.
> 
> This would tend to suggest either IPSEC support is missing from the kernel,
> or there has been a problem when racoon is issuing PF_KEY socket writes.
> 
> Can you recompile with IPSEC_DEBUG enabled and try to replicate the problem?

IIRC IPSEC currentky has the porblem that if you happen to use require
in your policies, even the ISAKMP packets do not gte out.

I switched to FAST_IPSEC, which doesnt have this problem.
You can of course also use "use" in stead of "require".

-Guido
Received on Mon Feb 16 2004 - 03:52:33 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:43 UTC