Racoon and per-socket based IPSec - Doesn't seem to be working!

aditya kiran adityaa.kiran at gmail.com
Mon Aug 20 11:31:01 PDT 2007


Hi,
I need some help with IPsec configuration. I was trying to use per-socket
based IPsec with racoon. I have used setsockopt to set the IPsec policy on
the socket. Then I started racoon with the default configuration of remote and
sainfo being anonymous. Now when I try to send out some ICMP packets, racoon
gets a notification for key-acquire; however, racoon seems to be checking
the policy id in its database and couldn't find one, so it has thrown an
error saying no spdid found, and it hasn't initiated any key negotiations.


Is this expected? Does racoon not work with per-socket based IPsec? If that's
the case, how will the SA entry in the security policy in the socket get
filled? Or do I need to use setkey to add an SPD even if I use per-socket
based IPsec?

Can somebody please help me understand this?

Thanks,
Adityaa

