* ipsec and tunnel mode on kernel 2.6.0-test2
@ 2003-08-05 19:21 Jim Penny
2003-08-05 21:08 ` bert hubert
0 siblings, 1 reply; 2+ messages in thread
From: Jim Penny @ 2003-08-05 19:21 UTC (permalink / raw)
To: linux-kernel
Is it working?
Suppose I am trying to connect 172.18.243.0/24 to 172.18.254.0/24 via
172.18.253.253 and 172.18.254.254.
I have tried the setkey command:
spdadd 172.18.253.0/24 172.18.254.0/24 any -P in ipsec
esp/tunnel/172.18.253.253-172.18.254.254/require
ah/transport//require;
setkey -v -f ...
yieldssadb_msg{ version=2 type=9 errno=0 satype=0
len=2 reserved=0 seq=0 pid=5474
sadb_msg{ version=2 type=9 errno=0 satype=0
len=2 reserved=0 seq=0 pid=5474
sadb_msg{ version=2 type=19 errno=0 satype=0
len=2 reserved=0 seq=0 pid=5474
sadb_msg{ version=2 type=19 errno=0 satype=0
len=2 reserved=0 seq=0 pid=5474
sadb_msg{ version=2 type=14 errno=0 satype=0
len=16 reserved=0 seq=0 pid=5474
sadb_ext{ len=8 type=18 }
sadb_x_policy{ type=2 dir=2 id=0 }
{ len=40 proto=50 mode=2 level=1 reqid=0
sockaddr{ len=16 family=2 port=0
ac12fefe }
sockaddr{ len=16 family=2 port=0
ac12fdfd }
}
{ len=8 proto=51 mode=1 level=2 reqid=0
}
sadb_ext{ len=3 type=5 }
sadb_address{ proto=255 prefixlen=24 reserved=0x0000 }
sockaddr{ len=16 family=2 port=0
ac12fd00 }
sadb_ext{ len=3 type=6 }
sadb_address{ proto=255 prefixlen=24 reserved=0x0000 }
sockaddr{ len=16 family=2 port=0
ac12fe00 }
sadb_msg{ version=2 type=14 errno=22 satype=0
len=2 reserved=0 seq=0 pid=5474
The result of line 21: Invalid argument.
--------
Could someone please tell me what I am doing wrong?
Notes: direction does not matter, both orders give the same error.
Ipsec does work if tunnel is replaced by transport. But I really do
want tunneling! Presence, or absence of a manual esp with or without -m
tunnel does not appear to matter. presence or absence of ah line,
presence or absence of manual ah does not appear to matter.
TIA
Jim Penny
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: ipsec and tunnel mode on kernel 2.6.0-test2
2003-08-05 19:21 ipsec and tunnel mode on kernel 2.6.0-test2 Jim Penny
@ 2003-08-05 21:08 ` bert hubert
0 siblings, 0 replies; 2+ messages in thread
From: bert hubert @ 2003-08-05 21:08 UTC (permalink / raw)
To: Jim Penny; +Cc: linux-kernel
On Tue, Aug 05, 2003 at 03:21:01PM -0400, Jim Penny wrote:
> Is it working?
>
> Suppose I am trying to connect 172.18.243.0/24 to 172.18.254.0/24 via
> 172.18.253.253 and 172.18.254.254.
>
Without looking at it further, have you compiled setkey & friends against a
recent kernel? There has been an ABI change recently.
--
http://www.PowerDNS.com Open source, database driven DNS Software
http://lartc.org Linux Advanced Routing & Traffic Control HOWTO
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2003-08-05 21:08 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2003-08-05 19:21 ipsec and tunnel mode on kernel 2.6.0-test2 Jim Penny
2003-08-05 21:08 ` bert hubert
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).