Subject: rsh over ipsec
To: None <tech-net@netbsd.org>
From: Jan Schaumann <jschauma@netmeister.org>
List: tech-net
Date: 12/04/2003 15:20:46

Hi all,

I have some problems with rsh over ipsec.  I used to have it working
just fine, but then disabled it when I used a -current kernel with 1.6.1
userland.  Now that I've upgraded all machines to -current, I finally
remembered to switch back to rsh over ipsec, but no luck.

The odd thing is, ipsec is working fine for syslog, but not for rsh.

So, for syslog I have the following setup in /etc/ipsec.conf on the
syslog server:

spdadd <SERVER IP>[514] 0.0.0.0/0 any -P out ipsec esp/transport//use;
spdadd 0.0.0.0/0 <SERVER IP>[514] any -P in ipsec esp/transport//require;

And the reverse for the clients, obviously.  That works fine.  racoon
negotiates, connection established, syslog encrypted.

So I add back the entries I used to have for rsh and rlogin:

spdadd <SERVER IP>[any] 0.0.0.0/0[514] any -P out ipsec esp/transport//use;
spdadd 0.0.0.0/0[514] <SERVER IP>[any] -P in ipsec esp/transport//require;

On the client side:

spdadd 0.0.0.0/0[any] <CLIENT IP>[514] any -P in ipsec esp/transport//require;
spdadd <CLIENT IP>[514] 0.0.0.0/0[any] any -P out ipsec esp/transport//use;

Similarly for port 513.

Now this used to work under 1.6.1 <-> 1.6.1, but doesn't work any more.
I also tried explicitly specifying all IP addresses instead of using
0.0.0.0/0, but to no avail.

Does anybody have an idea?

-Jan

-- 
   It's psychosomatic. You need a lobotomy. I'll get a saw.
		  -- Calvin

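When debugging a setup like the one above, the first question is which SPD entry each host actually applies to a given packet. The following Python checker is an added example, not code from the post or from NetBSD: it parses setkey(8) `spdadd` lines of the form used in the post, replaces the `<SERVER IP>`/`<CLIENT IP>` placeholders with constructed addresses from the 192.0.2.0/24 documentation range, adds constructed client-side syslog entries that mirror the server's (the post only says "the reverse"), and then lists every entry whose addresses, ports, protocol and direction cover a flow, on the sending host (`-P out`) and on the receiving host (`-P in`). It deliberately does not model the kernel's entry ordering; it reports all matching entries so that overlaps are visible.

```python
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Added example, not code from the post or from NetBSD: a small checker for
# setkey(8) "spdadd" lines that reports which SPD entries a flow would match
# on each host.  The post's placeholders are replaced with constructed
# addresses from the documentation range 192.0.2.0/24.
PLACEHOLDERS = {"<SERVER IP>": "192.0.2.10", "<CLIENT IP>": "192.0.2.20"}

# spdadd src[port] dst[port] upperspec -P direction policy ;
SPDADD_RE = re.compile(
    r"^spdadd\s+(\S+?)(?:\[(\w+)\])?\s+(\S+?)(?:\[(\w+)\])?\s+(\S+)"
    r"\s+-P\s+(in|out)\s+(.+?)\s*;\s*$"
)


@dataclass(frozen=True)
class Entry:
    src: ipaddress.IPv4Network | ipaddress.IPv6Network
    sport: str          # "any" or a port number as text
    dst: ipaddress.IPv4Network | ipaddress.IPv6Network
    dport: str
    upper: str          # "any", "tcp", "udp", ...
    direction: str      # "in" or "out"
    policy: str         # e.g. "ipsec esp/transport//require"
    text: str           # the line as parsed, for reporting


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str


def parse_spdadd(line: str) -> Entry:
    """Parse one spdadd line after replacing the post's placeholders."""
    for name, addr in PLACEHOLDERS.items():
        line = line.replace(name, addr)
    m = SPDADD_RE.match(line.strip())
    if not m:
        raise ValueError(f"not an spdadd line: {line!r}")
    src, sport, dst, dport, upper, direction, policy = m.groups()
    return Entry(
        src=ipaddress.ip_network(src, strict=False),   # a bare host becomes /32
        sport=sport or "any",                          # no [port] means any port
        dst=ipaddress.ip_network(dst, strict=False),
        dport=dport or "any",
        upper=upper,
        direction=direction,
        policy=policy,
        text=line.strip(),
    )


def _port_ok(spec: str, port: int) -> bool:
    return spec == "any" or int(spec) == port


def matches(entry: Entry, flow: Flow, direction: str) -> bool:
    """True if the entry's selectors cover the flow in the given direction."""
    return (
        entry.direction == direction
        and ipaddress.ip_address(flow.src) in entry.src
        and ipaddress.ip_address(flow.dst) in entry.dst
        and _port_ok(entry.sport, flow.sport)
        and _port_ok(entry.dport, flow.dport)
        and entry.upper in ("any", flow.proto)
    )


def check_flow(sender_spd: list[Entry], receiver_spd: list[Entry], flow: Flow) -> dict:
    """Entries the sender applies on output and the receiver applies on input."""
    return {
        "sender_out": [e.text for e in sender_spd if matches(e, flow, "out")],
        "receiver_in": [e.text for e in receiver_spd if matches(e, flow, "in")],
    }


# Server side: the four entries exactly as given in the post.
SERVER_SPD = [parse_spdadd(l) for l in """
spdadd <SERVER IP>[514] 0.0.0.0/0 any -P out ipsec esp/transport//use;
spdadd 0.0.0.0/0 <SERVER IP>[514] any -P in ipsec esp/transport//require;
spdadd <SERVER IP>[any] 0.0.0.0/0[514] any -P out ipsec esp/transport//use;
spdadd 0.0.0.0/0[514] <SERVER IP>[any] any -P in ipsec esp/transport//require;
""".strip().splitlines()]

# Client side: two constructed syslog entries mirroring the server's, then the
# two rsh entries as given in the post.
CLIENT_SPD = [parse_spdadd(l) for l in """
spdadd <CLIENT IP> <SERVER IP>[514] any -P out ipsec esp/transport//require;
spdadd <SERVER IP>[514] <CLIENT IP> any -P in ipsec esp/transport//use;
spdadd 0.0.0.0/0[any] <CLIENT IP>[514] any -P in ipsec esp/transport//require;
spdadd <CLIENT IP>[514] 0.0.0.0/0[any] any -P out ipsec esp/transport//use;
""".strip().splitlines()]

# Constructed flows: an rsh connection (client privileged port -> server 514/tcp)
# and a syslog datagram (client 514/udp -> server 514/udp).
RSH_TO_SERVER = Flow("192.0.2.20", 1023, "192.0.2.10", 514, "tcp")
SYSLOG_TO_SERVER = Flow("192.0.2.20", 514, "192.0.2.10", 514, "udp")

if __name__ == "__main__":
    for name, flow in (("rsh", RSH_TO_SERVER), ("syslog", SYSLOG_TO_SERVER)):
        result = check_flow(CLIENT_SPD, SERVER_SPD, flow)
        print(f"{name}: {flow.src}:{flow.sport} -> {flow.dst}:{flow.dport}/{flow.proto}")
        for side, lines in result.items():
            print(f"  {side}: {lines or 'NO MATCH'}")
```

Run it for both directions of a connection (swap sender and receiver and the flow's endpoints for the reply packets). A flow that matches entries on only one host, matches more than one entry, or hits entries with different levels (`use` on one side, `require` on the other) is the place to start looking; `setkey -DP` on each host shows the SPD the kernel actually holds, which is what this checker should be compared against.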