On Mon, Mar 1, 2010 at 12:54 PM, Stuart Henderson <s...@spacehopper.org>wrote:
> On 2010-03-01, Tony Sarendal <t...@polarcap.org> wrote: > > Good morning misc, > > > > I upgraded two devices from i386-4.6 to i386-snapshot-feb28. > > After the upgrade snapshot boxes are unable to communicate with the 4.6 > > devices > > when going through ipsec. snapshot-snapshot works fine. > > > > Everything looks ok except that nothing shows up on enc0 when doing > > 4.6<-->snapshot. > > Deleting the SA's restores connectiviy, unencrypted of course. > > Is this a known issue ? > > yes, there was a bug with hmac-sha2 which was causing interop problems > with correct IPsec implementations and needed fixing, unfortunately the > fix breaks backwards compatibility. > > you'll need to switch to e.g. hmac-sha until the 4.6 box can be upgraded. > > Thanks to everyone for the quick and correct response, much appreciated. /T, with a tad of ring rust.
