[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: NonConforming IPsec implementation from FreeBSD(Kame) IPsec?
>> My IPv6 IPsec policy looks like:
>> # IPv6
>> spdadd 1101::1/128 1101::2/128 any -P out ipsec ah/tunnel/1101::1-1101::2/require;
>> spdadd 1101::2/128 1101::1/128 any -P out ipsec ah/tunnel/1101::2-1101::1/require;
your configuration is wrong. you are not enforcing inbound
policy, therefore, the node will accept traffic regardless from
the presense of AH.
itojun