Re: state of ipsec

From: Bjoern A. Zeeb <bzeeb-lists_at_lists.zabbadoz.net>
Date: Mon, 16 Feb 2004 13:57:50 +0000 (UTC)
On Sun, 15 Feb 2004, Tobias Roth wrote:

> > Are you able to tcpdump ESP/AH traffic on both peers? Can you verify that
> > the path between both peers doesn't filter this traffic?
>
> that's what i was trying to say. tcpdump does not show any outgoing packets
> when doing phase 1, no packets leave the interface. it looks like this:
> security policies are correctly set, racoon is configured correctly and
> running, i start pinging, and no packets leave the interface. i drop the
> security policies (/etc/rc.d/ipsec forcestop), and the pings immediately
> get through. in racoon output this looks like phase 1 gets initiated but
> since no reply packets come back, it timeouts. i have no packet filter
> running.


ok before any more people tell us that it does not work can you please
give me the following details:

a) what branch/date or release are you seeing these problems ? 5.2R is broken

b) if you are using 5.2R can you please try 5.2.1-RC2/HEAD so that we
   definitively know that it is (not) another problem from those
   we had seen and almost fixed around 5.2R and report if it works there
   with the same setup ?

c) if it still does not work please let me know.


Additionally: if anybody is using 5.2.1-RC2/HEAD and had seen the
problem before but can no logner reproduce it after the update please
let us know too.

-- 
Greetings

Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT
56 69 73 69 74				http://www.zabbadoz.net/
Received on Mon Feb 16 2004 - 04:58:40 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:43 UTC