Racoon - socket based policy negotiation - is it available?

2007-08-21 Thread aditya kiran
Hi, I was wondering why racoon doesn't support negotiation for per-socket policies? Is it because racoon maintains its database based on src and dst addresses and a port based one doesn't always have one? Is this support planned for any future ipsec-tools release? It is just mentioned at http://ww

Racoon and per-socket based IPSec - Doesn't seem to be working!

2007-08-20 Thread aditya kiran
Hi, I need some help for ipsec configurations -- I was trying to use per-socket based IPsec with racoon. I have used setsockopt to set the ipsec policy on the socket. Then I started racoon with default configuration of remote and sainfo being anonymous. Now when I try to send out some ICMP packets

Re: Ipsec - PF_KEY and set_policy

2007-08-04 Thread aditya kiran
Hi George, Thanks a lot for the clarification. Yeah, I was quite confused with ipsec_set_policy - which has multiple definitions, one which converts the human readable policy format and another one inside the kernel. Doing a little bit of code walk through, it looks like the second one is called

Re: Ipsec - PF_KEY and set_policy

2007-08-04 Thread aditya kiran
y request", which is
> defined in RFC 2367 PF_KEY. Internally, setkey() will call
> ipsec_set_policy() to construct the message then send it down to the
> kernel. However, ipsec_set_policy() is used only for SP, not SA.
>
> blue
>
> aditya kiran wrote:
>
> > Hi,
> >

Ipsec - PF_KEY and set_policy

2007-07-25 Thread aditya kiran
Hi, I was just trying to understand PF_KEY interface for ipsec settings. So, setkey uses it to do that. But I could find another system call - ipsec_set_policy. Could anybody let me know why there are two interfaces to configure ipsec? Thanks, Aditya

Re: PMTU Discovery support

2007-03-05 Thread aditya kiran
ny on this is appreciated thanks, Aditya
On 3/6/07, Lyndon Nerenberg <[EMAIL PROTECTED]> wrote:
> As I understand it, it is not possible to detect upward changes in the path
> MTU as there is no mechanism for a router to generate an error when a packet
> is small enough to be accomm

PMTU Discovery support

2007-03-05 Thread aditya kiran
Hi, I'm just trying to understand the PMTU Discovery support in FreeBSD. Is upward PMTU (increase in PMTU) also discovered when PMTU Discovery is enabled? Thanks, Aditya ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/ma

PMTU Discovery - How to enable

2007-02-26 Thread aditya kiran
Hi, I would like to know how to enable Path MTU Discovery in FreeBSD 6.0. Do I need to apply some patch to get it to work? Thanks, Adityaa

maximum connections for mpd

2006-12-17 Thread Nyoman Bogi Aditya Karna
Our VPN server is using mpd3.18 + freebsd6.1 and currently we provide 250 VPN connections for our students and it works well. But when I try to make 500 connections the mpd failed to run. I suspect it was the freebsd that can not provide ng more than 250. Is there anything I should do? maybe tu

Re: ifconfig and route in a shell script

2002-05-25 Thread Aditya
your default gateway should be on a directly connected network; 10.0.2.1 is not in 10.0.1.0/24 and so your machine doesn't know how to get to it -- your default gateway needs to be of the form 10.0.1.x, probably 10.0.1.1
Aditya
On Sat, May 25, 2002 at 09:36:17AM -0700, Vinod wrote:
> i

Re: 4.4 route add default problem

2002-05-15 Thread Aditya
On Wed, May 15, 2002 at 01:45:47AM -0700, Anshuman Kanwar wrote:
> # Bring failed interface down
> ifconfig $old_intf down
why not move the route delete default here rather than later?
> # Delete old route
> route delete default
>
> # Clear ARP cache
> arp -a -d
>
> # Fail Ove

Re: Weird path MTU autodiscovery problem in 4.5-RELEASE

2002-02-02 Thread R.P. Aditya
On Sat, Feb 02, 2002 at 08:32:49PM +0100, Rogier R. Mulhuijzen wrote:
> ICMP is an IP protocol, if the very first rule in IPFW is 'allow ip from
> any to any' then ICMP is allowed.
uh, that might be ipfw-speak (I don't use or pretend to know ipfw) but ICMP is NOT "part" of IP (that would defeat