Re: Kernel 2.6.10 with IPSEC problems?

From: Joerg Platte
Date: Sun Dec 26 2004 - 13:16:55 EST


Am Sonntag, 26. Dezember 2004 16:39 schrieb Patrick McHardy:
Hi!

> Since Linux 2.6.10-rcX. packets from a tunnel-mode SA are dropped if
> no policy exists. You most likely only have an input policy, but no
> forward policy. If you use setkey to configure your policies,
> duplicate the input policy and replace "-P in" with "-P fwd". If you
> let racoon generate the policy you need to upgrade to the latest
> version. pluto should already get it right.

Thanks for the fast reply. It solved my problem. Is this change somewhere
documented? Where can I get this kind of information, if I have problems in
the future with the kernel IPSEC implementation?

Regards,
Jörg

--
Hi! I'm a .signature virus! Copy me into your signature to help me spread!.-.
PGP Key: send mail with subject 'SEND PGP-KEY' PGP Key-ID: FD 4E 21 1D oo|
PGP Fingerprint: 388A872AFC5649D3 BCEC65778BE0C605 _ // /`'\
I am Ohm of Borg. Resistance is voltage divided by current. \X/ (\_;/)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/