ipv6 + ah + esp
Cyrus Rahman
crahman at gmail.com
Tue Mar 4 07:16:27 PST 2008
Is there a known problem running ah+esp on ip6? I can set up an association and run ah+esp just fine on ip4, and ah or esp work well by themselves in ip6, but I've had no luck with combining them on ip6.
I know that ipcomp is documented to be broken but I haven't seen anything about this problem. This is on 7.0-RELEASE.
For example this:
    spdadd hostA hostB any -P out ipsec
        esp/transport//require ah/transport//require;
    spdadd hostB hostA any -P in ipsec
        esp/transport//require ah/transport//require;
results in no exchange but the following messages in syslog:
snowfall kernel: ip6_output (ipsec): error code 22
Taking either ah or esp out of the policy works just fine.