[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: NonConforming IPsec implementation from FreeBSD(Kame) IPsec?

To: <itojun@iijlab.net>
Subject: RE: NonConforming IPsec implementation from FreeBSD(Kame) IPsec?
From: Atul.Sharma@nokia.com
Date: Thu, 13 Jun 2002 13:05:52 -0400
Cc: <ipsec@lists.tislabs.com>, <DG.IPD-IPSEC@nokia.com>, <ipsec-project@iprg.nokia.com>
Sender: owner-ipsec@lists.tislabs.com
Thread-Index: AcIS+scOsfRdEYAyT32dDhX9G5ODogAAYyNQ
Thread-Topic: NonConforming IPsec implementation from FreeBSD(Kame) IPsec?

Many thanks for clarifying everything!

Best Regards,
Atul

-----Original Message-----
From: ext itojun@iijlab.net [mailto:itojun@iijlab.net]
Sent: Thursday, June 13, 2002 12:53 PM
To: Sharma Atul (NIC/Boston)
Cc: ipsec@lists.tislabs.com; IPD-IPSEC DG; ipsec-project@iprg.nokia.com
Subject: Re: NonConforming IPsec implementation from FreeBSD(Kame)
IPsec? 


>> My IPv6 IPsec policy looks like:
>> # IPv6
>> spdadd 1101::1/128 1101::2/128 any -P out ipsec ah/tunnel/1101::1-1101::2/require;
>> spdadd 1101::2/128 1101::1/128 any -P out ipsec ah/tunnel/1101::2-1101::1/require;

	your configuration is wrong.  you are not enforcing inbound
	policy, therefore, the node will accept traffic regardless from
	the presense of AH.

itojun

Prev by Date: Re: NonConforming IPsec implementation from FreeBSD(Kame) IPsec?
Next by Date: Fwd: Re: Son of IKE: A proposal for moving forward
Prev by thread: Re: NonConforming IPsec implementation from FreeBSD(Kame) IPsec?
Next by thread: IPsec AH and ESP I-Ds; source address as possible SA selector for multicastSA?
Index(es):
- Date
- Thread