ipsec and tunnel mode on kernel 2.6.0-test2

From: Jim Penny (jpenny@universal-fasteners.com)
Date: Tue Aug 05 2003 - 14:21:01 EST


Is it working?

Suppose I am trying to connect 172.18.243.0/24 to 172.18.254.0/24 via
172.18.253.253 and 172.18.254.254.

I have tried the setkey command:

spdadd 172.18.253.0/24 172.18.254.0/24 any -P in ipsec
        esp/tunnel/172.18.253.253-172.18.254.254/require
        ah/transport//require;

setkey -v -f ...
yields

sadb_msg{ version=2 type=9 errno=0 satype=0
  len=2 reserved=0 seq=0 pid=5474

sadb_msg{ version=2 type=9 errno=0 satype=0
  len=2 reserved=0 seq=0 pid=5474

sadb_msg{ version=2 type=19 errno=0 satype=0
  len=2 reserved=0 seq=0 pid=5474

sadb_msg{ version=2 type=19 errno=0 satype=0
  len=2 reserved=0 seq=0 pid=5474

sadb_msg{ version=2 type=14 errno=0 satype=0
  len=16 reserved=0 seq=0 pid=5474
sadb_ext{ len=8 type=18 }
sadb_x_policy{ type=2 dir=2 id=0 }
 { len=40 proto=50 mode=2 level=1 reqid=0
sockaddr{ len=16 family=2 port=0
 ac12fefe }
sockaddr{ len=16 family=2 port=0
 ac12fdfd }
 }
 { len=8 proto=51 mode=1 level=2 reqid=0
 }
sadb_ext{ len=3 type=5 }
sadb_address{ proto=255 prefixlen=24 reserved=0x0000 }
sockaddr{ len=16 family=2 port=0
 ac12fd00 }
sadb_ext{ len=3 type=6 }
sadb_address{ proto=255 prefixlen=24 reserved=0x0000 }
sockaddr{ len=16 family=2 port=0
 ac12fe00 }

sadb_msg{ version=2 type=14 errno=22 satype=0
  len=2 reserved=0 seq=0 pid=5474

The result of line 21: Invalid argument.

--------

Could someone please tell me what I am doing wrong?

Notes: direction does not matter, both orders give the same error.
IPsec does work if tunnel is replaced by transport. But I really do
want tunneling! Presence or absence of a manual esp, with or without -m
tunnel, does not appear to matter. Presence or absence of ah line,
presence or absence of manual ah does not appear to matter.

TIA

Jim Penny
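
The numeric fields in the `setkey -v` dump above can be translated back into setkey's own policy syntax. The following is an added example, not part of the original message: it decodes the SPDADD request and the kernel's reply. The constant tables follow RFC 2367 and the KAME policy extensions; `decode`, `SAMPLE` and the table names are hypothetical names chosen for illustration.

```python
import errno, re, socket

# Numeric values from RFC 2367 (PF_KEY v2) and the KAME policy extensions.
MSG = {9: "SADB_FLUSH", 14: "SADB_X_SPDADD", 19: "SADB_X_SPDFLUSH"}
PROTO = {50: "esp", 51: "ah"}
MODE = {0: "any", 1: "transport", 2: "tunnel"}
LEVEL = {0: "default", 1: "use", 2: "require", 3: "unique"}
DIRECTION = {0: "any", 1: "in", 2: "out"}
SELECTOR = {5: "src", 6: "dst"}  # SADB_EXT_ADDRESS_SRC / SADB_EXT_ADDRESS_DST
# Constructed sample: the SPDADD request and the kernel's reply from the
# dump above, with line breaks collapsed (the parser ignores whitespace).
SAMPLE = """
sadb_msg{ version=2 type=14 errno=0 satype=0 len=16 reserved=0 seq=0 pid=5474
sadb_ext{ len=8 type=18 } sadb_x_policy{ type=2 dir=2 id=0 }
 { len=40 proto=50 mode=2 level=1 reqid=0 sockaddr{ len=16 family=2 port=0 ac12fefe }
sockaddr{ len=16 family=2 port=0 ac12fdfd } } { len=8 proto=51 mode=1 level=2 reqid=0 }
sadb_ext{ len=3 type=5 } sadb_address{ proto=255 prefixlen=24 reserved=0x0000 }
sockaddr{ len=16 family=2 port=0 ac12fd00 }
sadb_ext{ len=3 type=6 } sadb_address{ proto=255 prefixlen=24 reserved=0x0000 }
sockaddr{ len=16 family=2 port=0 ac12fe00 }
sadb_msg{ version=2 type=14 errno=22 satype=0 len=2 reserved=0 seq=0 pid=5474
"""

def decode(dump):
    """Return one dict per sadb_msg, with numbers replaced by setkey terms."""
    msgs, ext, prefix, req = [], None, None, None
    for name, body in re.findall(r"(\w*)\{([^{}]*?)(?=\w*\{|\}|\Z)", dump):
        kv = {k: int(v) for k, v in re.findall(r"(\w+)=(\d+)\b", body)}
        if name == "sadb_msg":
            msgs.append({"type": MSG.get(kv["type"], kv["type"]), "requests": [],
                         "errno": errno.errorcode.get(kv["errno"], "OK")})
        elif name == "sadb_ext":  # a new extension ends any open request
            ext, req = kv["type"], None
        elif name == "sadb_x_policy":
            msgs[-1]["dir"] = DIRECTION[kv["dir"]]
        elif name == "sadb_address":
            prefix = kv["prefixlen"]
        elif name == "":  # anonymous block: one sadb_x_ipsecrequest
            req = [PROTO[kv["proto"]], MODE[kv["mode"]], [], LEVEL[kv["level"]]]
            msgs[-1]["requests"].append(req)
        elif name == "sockaddr":
            ip = socket.inet_ntoa(bytes.fromhex(body.split()[-1]))
            if req is not None:  # tunnel endpoint inside a request
                req[2].append(ip)
            elif ext in SELECTOR:  # policy selector address
                msgs[-1][SELECTOR[ext]] = f"{ip}/{prefix}"
    for m in msgs:  # render requests as setkey's proto/mode/src-dst/level
        m["requests"] = [f"{p}/{md}/{'-'.join(ep)}/{lv}" for p, md, ep, lv in m["requests"]]
    return msgs
```

Setting the decoded request beside the `spdadd` line that was fed to setkey shows which direction, endpoints and levels the kernel was asked to install when it returned EINVAL.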
