On Mon, Feb 16, 2004 at 01:52:32PM +0100, Guido van Rooij wrote: > On Sun, Feb 15, 2004 at 01:37:00AM +0000, Bruce M Simpson wrote: > > On Sun, Feb 15, 2004 at 12:54:26AM +0100, Tobias Roth wrote: > > > yes, setkey -D never outputs anything, no SAs get created at all. > > > > This would tend to suggest either IPSEC support is missing from the kernel, > > or there has been a problem when racoon is issuing PF_KEY socket writes. > > > > Can you recompile with IPSEC_DEBUG enabled and try to replicate the problem? > > IIRC IPSEC currentky has the porblem that if you happen to use require > in your policies, even the ISAKMP packets do not gte out. > > I switched to FAST_IPSEC, which doesnt have this problem. > You can of course also use "use" in stead of "require". i did some more tests and have now verified that IPSEC plus "require" does not work, no packets get sent over the wire. the same setup works like a charm when i change "require" to "use". this is with 5.2.1-RC2 on both machines.Received on Sat Feb 21 2004 - 09:38:10 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:44 UTC