Re: [documentation] Re: [LARTC] IPSEC FIRST LIGHT! (by non-kernel developer :-))

From: bert hubert (ahu@ds9a.nl)
Date: Fri Nov 08 2002 - 06:27:15 EST

On Fri, Nov 08, 2002 at 12:15:29PM +0100, bert hubert wrote:

> This code locks up solid on any ipsec TCP traffic outgoing with this
> configuration:

Also with the following configuration:

add 10.0.0.216 10.0.0.12 ah 24500 -A hmac-md5 "1234567890123456";
spdadd 10.0.0.216 10.0.0.11 any -P out ipsec
            ah/transport//require;

-or-

add 10.0.0.216 10.0.0.12 esp 24501 -E 3des-cbc "123456789012123456789012";
spdadd 10.0.0.216 10.0.0.11 any -P out ipsec
            esp/transport//require;
 
10.0.0.12 is a host which does not exist. 'telnet 10.0.0.12' locks up
instantly. I'm unsure how to extract more data from my kernel.

Regards,

bert 

-- 
http://www.PowerDNS.com          Versatile DNS Software & Services
http://lartc.org           Linux Advanced Routing & Traffic Control HOWTO
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

This archive was generated by hypermail 2b29 : Fri Nov 15 2002 - 22:00:15 EST