Subject: Re: racoon and psk.txt
To: None <tech-net@netbsd.org>
From: Jan Schaumann <jschauma@netmeister.org>
List: tech-net
Date: 01/08/2003 13:47:25
Jan Schaumann <jschauma@netmeister.org> wrote:

> I have several rules in my /etc/ipsec.conf.  One to encrypt all traffic
> for syslog (the server logs for several other machines), one for amanda
> traffic and one for rsh/login.
> Syslog and amanda traffic is properly encrypted and goes through to all
> hosts.  But rsh traffic does NOT.

I used to have

spdadd server[any] 0.0.0.0/0[514] -P out ipsec esp/transport//use;
spdadd 0.0.0.0/0[514] server[any] -P in ipsec esp/transport//require;

This used to work without a problem.  Now I need:

spdadd server[any] 0.0.0.0/0[0] -P out ipsec esp/transport//use;
spdadd 0.0.0.0/0[514] server[any] -P in ipsec esp/transport//require;

for rsh to work.  What is going on here?

-Jan

-- 
"I am so amazingly cool you could keep a side of meat in me for a 
month. I am so hip I have difficulty seeing over my pelvis."