Subject: Re: ipsec
To: Wolfgang Rupprecht <wolfgang@wsrcc.com>
From: None <itojun@iijlab.net>
List: tech-net
Date: 07/31/1999 10:02:21
>I'm lost in the land of ipsec. I've done the following:
># setkey -f /etc/setkey.conf
>/etc/setkey.conf contains:

	Sorry, this is a known bug (or feature) of the version merged into
	NetBSD-current.  The code is too picky about SA's direction (inbound,
	outbound or bidirectional).

	I'll be sync'ing NetBSD-current with the latest KAME ipsec soon
	(the configuration worked for me so this will fix the problem).

itojun


-- very useless packet dump for "telnet my interface" :-)
# tcpdump -n -i lo0
tcpdump: listening on lo0
10:00:36.412609 127.0.0.1.65240 > 127.0.0.1.53:  13059+ PTR? 106.95.160.210.in-addr.arpa. (45)
10:00:36.413034 127.0.0.1.53 > 127.0.0.1.65240:  13059 2/2/2 CNAME 106.96 (208)
10:00:36.417341 210.160.95.106 > 210.160.95.106: ESP(spi=9999,seq=0x37)
10:00:36.417597 210.160.95.106 > 210.160.95.106: ESP(spi=9999,seq=0x39)
10:00:36.417760 210.160.95.106 > 210.160.95.106: ESP(spi=9999,seq=0x3b)