On Tue, 4 Mar 2008, Cyrus Rahman wrote:
Hi,
Is there a known problem running ah+esp on ip6? I can set up an
association and run ah+esp just fine on ip4,
and ah or esp work well by themselves in ip6, but I've had no luck
with combining them on ip6.
I know that ipcomp is documented to be broken but I haven't seen
anything about this problem. This is on 7.0-RELEASE.
For example this:
spdadd hostA hostB any -P out ipsec
esp/transport//require ah/transport//require;
spdadd hostB hostA any -P in ipsec
esp/transport//require ah/transport//require;
results in no exchange but the following messages in syslog:
snowfall kernel: ip6_output (ipsec): error code 22
Taking either ah or esp out of the policy works just fine.
22 is EINVAL.
The same error message is there twice in sys/netinet6/ip6_output.c
(search for "(ipsec)" w/o the "").
Could you alter them so we can tell them apart, recompile the kernel
and file a PR with this information and whether it is the printf after
ipsec6_output_trans or after ipsec6_output_tunnel.
/bz
--
Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT
Software is harder than hardware so better get it right the first time.
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
