[solved] 2.6 IPsec (Kame) appears to be working, but it isn't

From: martin f krafft
Date: Tue Jan 06 2004 - 13:16:42 EST

Next message: Ralf Hildebrandt: "Re: 2.6.0: atyfb broken"
Previous message: Adrian Bunk: "2.6.1-rc1-mm2: warning in drivers/net/sk98lin/skge.c"
In reply to: martin f krafft: "2.6 IPsec (Kame) appears to be working, but it isn't"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

also sprach martin f krafft <madduck@xxxxxxxxxxx> [2004.01.06.1812 +0100]:
> I now ping one end from the other, tcpdump reports successful packet
> exchanges on both sides:
>
> 10.201.165.118 > 10.201.23.21:
> AH(spi=0x00000200,seq=0x2d): ESP(spi=0x00000201,seq=0x2d) (DF)
> 10.201.23.21 > 10.201.165.118:
> AH(spi=0x00000300,seq=0x6): ESP(spi=0x00000301,seq=0x6)
>
> However, the ping application at 10.201.165.118 sees none of the
> replies:

This was (of course) my bad. One of the AH keys was incorrect.

I guess I should first learn cut'n'paste before learning IPsec
and/or bothering y'all.

Sorry.

--
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck

invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!

"good advice is something a man gives
when he is too old to set a bad example.
-- la rouchefoucauld

Attachment: signature.asc
Description: Digital signature

Next message: Ralf Hildebrandt: "Re: 2.6.0: atyfb broken"
Previous message: Adrian Bunk: "2.6.1-rc1-mm2: warning in drivers/net/sk98lin/skge.c"
In reply to: martin f krafft: "2.6 IPsec (Kame) appears to be working, but it isn't"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]