Re: [documentation] Re: [LARTC] IPSEC FIRST LIGHT! (by non-kernel developer :-))

bert hubert (ahu@ds9a.nl)
Fri, 8 Nov 2002 12:15:29 +0100


On Fri, Nov 08, 2002 at 01:52:30AM -0800, David S. Miller wrote:
> From: bert hubert <ahu@ds9a.nl>
> Date: Fri, 8 Nov 2002 10:41:22 +0100
>
> Perhaps dave can re-diff?
>
> This is against current BK-2.5

Dave,

This code locks up solid on any ipsec TCP traffic outgoing with this
configuration:

add 10.0.0.11 10.0.0.216 ah 15700 -A hmac-md5 "1234567890123456";
add 10.0.0.216 10.0.0.11 ah 24500 -A hmac-md5 "1234567890123456";

# ESP
add 10.0.0.11 10.0.0.216 esp 15701 -E 3des-cbc "123456789012123456789012";
add 10.0.0.216 10.0.0.11 esp 24501 -E 3des-cbc "123456789012123456789012";

spdadd 10.0.0.216 10.0.0.11 any -P out ipsec
    esp/transport//require
    ah/transport//require;

spdadd 10.0.0.11 10.0.0.216 any -P in ipsec
    esp/transport//require
    ah/transport//require;

ICMP traffic is fine, however. I'm now investigating how far it gets before
locking up.

Regards,

bert

-- 
http://www.PowerDNS.com          Versatile DNS Software & Services
http://lartc.org           Linux Advanced Routing & Traffic Control HOWTO