[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: NonConforming IPsec implementation from FreeBSD(Kame) IPsec?
Many thanks for clarifying everything!
Best Regards,
Atul
-----Original Message-----
From: ext itojun@iijlab.net [mailto:itojun@iijlab.net]
Sent: Thursday, June 13, 2002 12:53 PM
To: Sharma Atul (NIC/Boston)
Cc: ipsec@lists.tislabs.com; IPD-IPSEC DG; ipsec-project@iprg.nokia.com
Subject: Re: NonConforming IPsec implementation from FreeBSD(Kame)
IPsec?
>> My IPv6 IPsec policy looks like:
>> # IPv6
>> spdadd 1101::1/128 1101::2/128 any -P out ipsec ah/tunnel/1101::1-1101::2/require;
>> spdadd 1101::2/128 1101::1/128 any -P out ipsec ah/tunnel/1101::2-1101::1/require;
your configuration is wrong. you are not enforcing inbound
policy, therefore, the node will accept traffic regardless from
the presense of AH.
itojun