On Monday 16 February 2004 6:52 am, Guido van Rooij wrote: > IIRC IPSEC currentky has the porblem that if you happen to use require > in your policies, even the ISAKMP packets do not gte out. > > I switched to FAST_IPSEC, which doesnt have this problem. > You can of course also use "use" in stead of "require". One workaround that solved it for me is to modify your IPSEC policy and insert something like this at the top: spdadd 0.0.0.0/0[500] 0.0.0.0/0[500] any -P out ipsec esp/transport//default; spdadd 0.0.0.0/0[500] 0.0.0.0/0[500] any -P in ipsec esp/transport//default; If that's at the top before anything else, it should override the policy for ISAKMP packets and get things working again without having to fall back to 'use'. A similar entry should be possible for IPv6 as well if you need that. On a somewhat related topic, has anyone encountered panics when the interface that racoon is watching is destroyed (say, gif0)? This is on 5.2-RELEASE. I'll try to get a dump if it happens again... CraigReceived on Mon Feb 16 2004 - 06:29:33 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:43 UTC