Is there a known problem running ah+esp on ip6? I can set up an
association and run ah+esp just fine on ip4,
and ah or esp work well by themselves in ip6, but I've had no luck
with combining them on ip6.
I know that ipcomp is documented to be broken but I haven't seen
anything about this problem. This is on 7.0-RELEASE.
For example this:
spdadd hostA hostB any -P out ipsec
esp/transport//require ah/transport//require;
spdadd hostB hostA any -P in ipsec
esp/transport//require ah/transport//require;
results in no exchange but the following messages in syslog:
snowfall kernel: ip6_output (ipsec): error code 22
Taking either ah or esp out of the policy works just fine.
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
