Possible IPsec Trouble in 5.2RC?
Crist J. Clark
cristjc at comcast.net
Sun Dec 21 20:18:10 PST 2003
On Fri, Dec 19, 2003 at 06:32:32AM -0800, Nathan Kay wrote:
> On Thu, Dec 18, 2003 at 10:49:32PM -0800, Crist J. Clark wrote:
> > IPsec does work, however. When I manually load up the SAD with
> > setkey(8), the ESP tunnel comes up and everything is fine.
>
> Confirmed, IKE no longer works for my setup either, while manual
> keying does.
>
> > I think the problem is that the IKE traffic, 500/udp, is not bypassing
> > the IPsec processing like it should.
>
> That's what it looked like was going on in my setup as well.

A few others have seen the same problems with KAME IPsec in 5.2RC. One
person mentioned that the FAST_IPSEC implementation does not share the
bug. I switched over and things work fine with the same racoon
executable and configuration. This does look like a bug in the FreeBSD
KAME IPsec.
--
Crist J. Clark | cjclark at alum.mit.edu
| cjclark at jhu.edu
http://people.freebsd.org/~cjc/ | cjc at freebsd.org