Is it working?
Suppose I am trying to connect 172.18.243.0/24 to 172.18.254.0/24 via
172.18.253.253 and 172.18.254.254.
I have tried the setkey command:
spdadd 172.18.253.0/24 172.18.254.0/24 any -P in ipsec
esp/tunnel/172.18.253.253-172.18.254.254/require
ah/transport//require;
setkey -v -f ...
yields
sadb_msg{ version=2 type=9 errno=0 satype=0
len=2 reserved=0 seq=0 pid=5474
sadb_msg{ version=2 type=9 errno=0 satype=0
len=2 reserved=0 seq=0 pid=5474
sadb_msg{ version=2 type=19 errno=0 satype=0
len=2 reserved=0 seq=0 pid=5474
sadb_msg{ version=2 type=19 errno=0 satype=0
len=2 reserved=0 seq=0 pid=5474
sadb_msg{ version=2 type=14 errno=0 satype=0
len=16 reserved=0 seq=0 pid=5474
sadb_ext{ len=8 type=18 }
sadb_x_policy{ type=2 dir=2 id=0 }
{ len=40 proto=50 mode=2 level=1 reqid=0
sockaddr{ len=16 family=2 port=0
ac12fefe }
sockaddr{ len=16 family=2 port=0
ac12fdfd }
}
{ len=8 proto=51 mode=1 level=2 reqid=0
}
sadb_ext{ len=3 type=5 }
sadb_address{ proto=255 prefixlen=24 reserved=0x0000 }
sockaddr{ len=16 family=2 port=0
ac12fd00 }
sadb_ext{ len=3 type=6 }
sadb_address{ proto=255 prefixlen=24 reserved=0x0000 }
sockaddr{ len=16 family=2 port=0
ac12fe00 }
sadb_msg{ version=2 type=14 errno=22 satype=0
len=2 reserved=0 seq=0 pid=5474
The result of line 21: Invalid argument.
--------
Could someone please tell me what I am doing wrong?
Notes: direction does not matter; both orders give the same error.
IPsec does work if tunnel is replaced by transport. But I really do
want tunneling! Presence or absence of a manual esp, with or without -m
tunnel, does not appear to matter. Presence or absence of the ah line,
and presence or absence of a manual ah, do not appear to matter.
TIA
Jim Penny
This archive was generated by hypermail 2b29 : Thu Aug 07 2003 - 22:00:30 EST