[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NonConforming IPsec implementation from FreeBSD(Kame) IPsec?

To: Atul.Sharma@nokia.com
Subject: Re: NonConforming IPsec implementation from FreeBSD(Kame) IPsec?
From: itojun@iijlab.net
Date: Fri, 14 Jun 2002 01:52:50 +0900
Cc: ipsec@lists.tislabs.com, DG.IPD-IPSEC@nokia.com, ipsec-project@iprg.nokia.com
In-reply-to: Atul.Sharma's message of Thu, 13 Jun 2002 12:42:13 -0400. <DC504E9C3384054C8506D3E6BB012460079FE4@bsebe001.NOE.Nokia.com>
Sender: owner-ipsec@lists.tislabs.com

>> My IPv6 IPsec policy looks like:
>> # IPv6
>> spdadd 1101::1/128 1101::2/128 any -P out ipsec ah/tunnel/1101::1-1101::2/require;
>> spdadd 1101::2/128 1101::1/128 any -P out ipsec ah/tunnel/1101::2-1101::1/require;

	your configuration is wrong.  you are not enforcing inbound
	policy, therefore, the node will accept traffic regardless from
	the presense of AH.

itojun

References:
- RE: NonConforming IPsec implementation from FreeBSD(Kame) IPsec?
  - From: Atul.Sharma@nokia.com

Prev by Date: Re: Son of IKE: A proposal for moving forward
Next by Date: RE: NonConforming IPsec implementation from FreeBSD(Kame) IPsec?
Prev by thread: Re: NonConforming IPsec implementation from FreeBSD(Kame) IPsec?
Next by thread: RE: NonConforming IPsec implementation from FreeBSD(Kame) IPsec?
Index(es):
- Date
- Thread