From: James Morris <jmorris@namei.org>
To: Evgeniy Polyakov <johnpol@2ka.mipt.ru>
Cc: Patrick McHardy <kaber@trash.net>, netdev@vger.kernel.org
Subject: Re: Is TCP over IPsec broken in 2.6.18?
Date: Sun, 24 Sep 2006 01:11:21 -0400 (EDT) [thread overview]
Message-ID: <Pine.LNX.4.64.0609240106270.24276@d.namei> (raw)
In-Reply-To: <20060923042914.GC24099@2ka.mipt.ru>
On Sat, 23 Sep 2006, Evgeniy Polyakov wrote:
> I never saw unencrypted packets before.
It's normal and expected, perhaps you didn't notice or had tcpdump
filtering them.
> > > 17:45:11.102212 IP 192.168.4.78 > 192.168.4.79: ESP(spi=0x01f452be,seq=0x3), length 84
> > > 17:45:12.098146 IP 192.168.4.79.isakmp > 192.168.4.78.isakmp: isakmp: phase 2/others ? oakley-quick[E]
> > > 17:45:12.098427 IP 192.168.4.78.isakmp > 192.168.4.79.isakmp: isakmp: phase 2/others ? inf
> >
> > And why racoon packets are here at this stage.
> >
> > Can you try this with either a fully manual config (setkey only) or
> > openswan?
>
> I use racoon, may be there are some problems with it's version, I will
> try new one after weekend.
I just verified that racoon is working with current kernels. Racoon can
be troublesome.
I'm using racoon from ipsec-tools-0.6.5-3.1.
You didn't specify a lifetime in your phase 1 spec ('remote anonymous')
section. Not sure what happens in that case, could be something to do
with it.
- James
--
James Morris
<jmorris@namei.org>
next prev parent reply other threads:[~2006-09-24 5:11 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-09-22 11:29 Is TCP over IPsec broken in 2.6.18? Evgeniy Polyakov
2006-09-22 11:35 ` Evgeniy Polyakov
2006-09-22 12:19 ` Evgeniy Polyakov
2006-09-22 12:23 ` Patrick McHardy
2006-09-22 14:03 ` Evgeniy Polyakov
2006-09-22 15:15 ` James Morris
2006-09-22 15:47 ` James Morris
2006-09-23 4:29 ` Evgeniy Polyakov
2006-09-24 5:11 ` James Morris [this message]
2006-09-24 9:08 ` Patrick McHardy
2006-09-24 14:33 ` James Morris
2006-09-24 23:54 ` Herbert Xu
[not found] ` <20060925103836.GA13966@2ka.mipt.ru>
2006-09-25 11:27 ` Herbert Xu
2006-09-25 12:05 ` Evgeniy Polyakov
2006-09-25 12:55 ` jamal
2006-09-30 5:06 ` James Morris
2006-09-30 5:14 ` James Morris
2006-09-30 7:41 ` James Morris
2006-09-30 11:15 ` Evgeniy Polyakov
2006-09-30 14:36 ` James Morris
2006-09-30 14:40 ` Evgeniy Polyakov
2006-09-30 14:42 ` Evgeniy Polyakov
2006-09-30 14:44 ` James Morris
2006-10-01 6:27 ` [PATCH] Fix for IPsec leakage with SELinux enabled James Morris
2006-10-02 11:20 ` Evgeniy Polyakov
2006-10-02 13:31 ` James Morris
2006-10-02 13:42 ` Evgeniy Polyakov
2006-10-02 14:05 ` James Morris
2006-10-02 14:27 ` [PATCH] Fix for IPsec leakage with SELinux enabled - V.02 James Morris
2006-10-02 16:00 ` Evgeniy Polyakov
2006-10-02 16:13 ` James Morris
2006-10-02 16:30 ` Evgeniy Polyakov
2006-10-02 16:41 ` James Morris
2006-10-04 5:08 ` Evgeniy Polyakov
2006-10-04 13:00 ` James Morris
2006-10-03 23:18 ` David Miller
2006-10-04 1:33 ` James Morris
2006-10-04 13:41 ` Herbert Xu
2006-10-05 20:58 ` James Morris
2006-10-05 21:04 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Pine.LNX.4.64.0609240106270.24276@d.namei \
--to=jmorris@namei.org \
--cc=johnpol@2ka.mipt.ru \
--cc=kaber@trash.net \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).