Re: IPSEC FIRST LIGHT! (by non-kernel developer :-))

bert hubert (ahu@ds9a.nl)
Thu, 7 Nov 2002 19:41:25 +0100


On Thu, Nov 07, 2002 at 08:49:37PM +0300, kuznet@ms2.inr.ac.ru wrote:

> Also, forwarding is still sick, as I told you before going to sleep,
> so expect a patch soon. Unfortunately, despite of all the precautions
> I sleeped all the day, so I am again at the point when cannot test
> anything but loopback. :-)

Well, you are probably a lot smarter now that you slept all day :-)

Any way, this patch helps somethat but it is indeed sick:

first time:
connect(3, {sin_family=AF_INET, sin_port=htons(23),
sin_addr=inet_addr("1.2.3.5")}}, 16) = -1 EAGAIN (Resource temporarily
unavailable)

subsequent times:
connect(3, {sin_family=AF_INET, sin_port=htons(23),
sin_addr=inet_addr("1.2.3.5")}}, 16) = -1 ENOMEM (Cannot allocate memory)

With this configuration:

add 1.2.3.4 10.0.0.216 esp 25701 -E 3des-cbc "123456789012123456789012";
add 10.0.0.216 1.2.3.4 esp 34501 -E 3des-cbc "123456789012123456789012";

spdadd 10.0.0.0/24 1.2.3.0/24 any -P out ipsec
esp/tunnel/10.0.0.216-1.2.3.4/require;

Anything I can do to help, let me know.

Regards,

bert

-- 
http://www.PowerDNS.com          Versatile DNS Software & Services
http://lartc.org           Linux Advanced Routing & Traffic Control HOWTO
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/