Subject: Re: Fixed arp entry for WaveLan?
To: None <itojun@iijlab.net>
From: Wolfgang Rupprecht <wolfgang@wsrcc.com>
List: current-users
Date: 02/21/2000 19:04:55
Itojun, thanks for the tips. I'll try them and send you the raccoon
diagnostics privately if things still go badly.
> there should be no difference between "isakmp on wireless"
> and "isakmp on ethernet"...
The difference I see is that the ipsec / setkey examples all talk
about a system like this:
HostA --- GatwayA ---- GatewayB --- HostB
The host-ip is not equal to the gatway-ip. In the wireless case the
system is as such:
HostA -- HostB
The ip's in the first line of the spdadd and in the following lines
are the same. Its not even clear to me why the code shouldn't apply
the rule recursively until the maximum rule nesting is achieved. Am I
misunderstanding the matching rules?
spdadd 192.168.197.1/32 192.168.197.8/32 any -P out ipsec
esp/transport/192.168.197.1-192.168.197.8/use
ah/transport/192.168.197.1-192.168.197.8/use;
Lets say this rule is applied to a packet. The output packet still
has the source address 192.168.197.1 and it still has the destination
address 192.168.197.8. Wouldn't the rule have to be applied again to
the already 1x ah+esp packet?
-wolfgang
--
Wolfgang Rupprecht <wolfgang@wsrcc.com> http://www.wsrcc.com/wolfgang/
DGPS signals via the Internet http://www.wsrcc.com/wolfgang/gps/dgps-ip.html