linux-kernel.vger.kernel.org archive mirror
* ipsec and tunnel mode on kernel 2.6.0-test2
@ 2003-08-05 19:21 Jim Penny
  2003-08-05 21:08 ` bert hubert
  0 siblings, 1 reply; 2+ messages in thread
From: Jim Penny @ 2003-08-05 19:21 UTC (permalink / raw)
  To: linux-kernel

Is it working?

Suppose I am trying to connect 172.18.243.0/24 to 172.18.254.0/24 via
172.18.253.253 and 172.18.254.254. 

I have tried the setkey command:


spdadd 172.18.253.0/24 172.18.254.0/24 any -P in ipsec
        esp/tunnel/172.18.253.253-172.18.254.254/require
        ah/transport//require;


setkey -v -f ...
yields

sadb_msg{ version=2 type=9 errno=0 satype=0
  len=2 reserved=0 seq=0 pid=5474

sadb_msg{ version=2 type=9 errno=0 satype=0
  len=2 reserved=0 seq=0 pid=5474

sadb_msg{ version=2 type=19 errno=0 satype=0
  len=2 reserved=0 seq=0 pid=5474

sadb_msg{ version=2 type=19 errno=0 satype=0
  len=2 reserved=0 seq=0 pid=5474

sadb_msg{ version=2 type=14 errno=0 satype=0
  len=16 reserved=0 seq=0 pid=5474
sadb_ext{ len=8 type=18 }
sadb_x_policy{ type=2 dir=2 id=0 }
 { len=40 proto=50 mode=2 level=1 reqid=0
sockaddr{ len=16 family=2 port=0
 ac12fefe  }
sockaddr{ len=16 family=2 port=0
 ac12fdfd  }
 }
 { len=8 proto=51 mode=1 level=2 reqid=0
 }
sadb_ext{ len=3 type=5 }
sadb_address{ proto=255 prefixlen=24 reserved=0x0000 }
sockaddr{ len=16 family=2 port=0
 ac12fd00  }
sadb_ext{ len=3 type=6 }
sadb_address{ proto=255 prefixlen=24 reserved=0x0000 }
sockaddr{ len=16 family=2 port=0
 ac12fe00  }

sadb_msg{ version=2 type=14 errno=22 satype=0
  len=2 reserved=0 seq=0 pid=5474

The result of line 21: Invalid argument.

--------

Could someone please tell me what I am doing wrong?  

Notes:  direction does not matter, both orders give the same error. 
Ipsec does work if tunnel is replaced by transport.  But I really do
want tunneling!  Presence, or absence of a manual esp with or without -m
tunnel does not appear to matter.  Presence or absence of ah line,
presence or absence of manual ah does not appear to matter.

TIA

Jim Penny
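
Added example, not part of the original message or of setkey itself: a small decoder for the numeric fields in the setkey -v dump above, so the request and the kernel's errno=22 reply can be read without looking up constants by hand. The name tables hold the values defined in Linux's pfkeyv2.h and ipsec.h, limited to those that occur in the dump; the function names decode_line and decode are hypothetical, and the sample is excerpted from the post.

```python
import ipaddress
import re

# Values from Linux's pfkeyv2.h and ipsec.h; only those seen in the post's dump.
MSG = {9: "SADB_FLUSH", 14: "SADB_X_SPDADD", 19: "SADB_X_SPDFLUSH"}
EXT = {5: "ADDRESS_SRC", 6: "ADDRESS_DST", 18: "X_POLICY"}
PROTO = {50: "esp", 51: "ah", 255: "any"}
MODE = {1: "transport", 2: "tunnel"}
LEVEL = {0: "default", 1: "use", 2: "require", 3: "unique"}
DIR = {1: "in", 2: "out"}
ERRNO = {0: "ok", 22: "EINVAL"}

# Sample input: lines excerpted from the dump in the post (SPDADD request, then reply).
SAMPLE = """\
sadb_msg{ version=2 type=14 errno=0 satype=0
sadb_ext{ len=8 type=18 }
sadb_x_policy{ type=2 dir=2 id=0 }
 { len=40 proto=50 mode=2 level=1 reqid=0
 ac12fefe  }
 ac12fdfd  }
 { len=8 proto=51 mode=1 level=2 reqid=0
sadb_ext{ len=3 type=5 }
sadb_address{ proto=255 prefixlen=24 reserved=0x0000 }
sadb_msg{ version=2 type=14 errno=22 satype=0
"""

def decode_line(line):
    """Annotate one line of setkey -v output; None if nothing to decode."""
    addr = re.fullmatch(r"\s*([0-9a-f]{8})\s*}\s*", line)
    if addr:  # sockaddr payload: the four IPv4 address bytes in network order
        return str(ipaddress.IPv4Address(bytes.fromhex(addr.group(1))))
    f = {k: int(v) for k, v in re.findall(r"(\w+)=(\d+)", line)}
    name = lambda table, key: table.get(f[key], f"unknown({f[key]})")
    if line.startswith("sadb_msg{"):
        return f"{name(MSG, 'type')} errno={name(ERRNO, 'errno')}"
    if line.startswith("sadb_ext{"):
        return name(EXT, "type")
    if line.startswith("sadb_x_policy{"):
        return f"policy dir={name(DIR, 'dir')}"
    if line.startswith("sadb_address{"):
        return f"upper-layer proto={name(PROTO, 'proto')} /{f['prefixlen']}"
    if "mode=" in line:  # one ipsec request: protocol/mode/level
        return f"{name(PROTO, 'proto')}/{name(MODE, 'mode')}/{name(LEVEL, 'level')}"
    return None

def decode(dump):
    return [(raw, note) for raw in dump.splitlines() if (note := decode_line(raw))]

if __name__ == "__main__":
    print("\n".join(f"{raw:<55}# {note}" for raw, note in decode(SAMPLE)))
```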





* Re: ipsec and tunnel mode on kernel 2.6.0-test2
  2003-08-05 19:21 ipsec and tunnel mode on kernel 2.6.0-test2 Jim Penny
@ 2003-08-05 21:08 ` bert hubert
  0 siblings, 0 replies; 2+ messages in thread
From: bert hubert @ 2003-08-05 21:08 UTC (permalink / raw)
  To: Jim Penny; +Cc: linux-kernel

On Tue, Aug 05, 2003 at 03:21:01PM -0400, Jim Penny wrote:
> Is it working?
> 
> Suppose I am trying to connect 172.18.243.0/24 to 172.18.254.0/24 via
> 172.18.253.253 and 172.18.254.254. 
> 

Without looking at it further, have you compiled setkey & friends against a
recent kernel? There has been an ABI change recently.

-- 
http://www.PowerDNS.com      Open source, database driven DNS Software 
http://lartc.org           Linux Advanced Routing & Traffic Control HOWTO

