Re: Upgrade to 4.4-STABLE introduces IPSec problems..?
From: Justin Stanford (jus@security.za.net)
Date: 10/29/01
- Next message: Shoichi Sakane: "Re: Upgrade to 4.4-STABLE introduces IPSec problems..?"
- Previous message: root@pop-3.nordnet.fr: "ALERTE: VIRUS DETECTE DANS UN MESSAGE ENVOYE PAR owner-freebsd-security@FreeBSD.ORG"
- In reply to: Shoichi Sakane: "Re: Upgrade to 4.4-STABLE introduces IPSec problems..?"
- Next in thread: Shoichi Sakane: "Re: Upgrade to 4.4-STABLE introduces IPSec problems..?"
- Reply: Shoichi Sakane: "Re: Upgrade to 4.4-STABLE introduces IPSec problems..?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 29 Oct 2001 11:06:16 +0200 (SAST) From: Justin Stanford <jus@security.za.net> To: Shoichi Sakane <sakane@kame.net>
Here's my configuration..
Workstation is athena and server is fyre.
[root@athena] ~# cat /usr/local/etc/ipsec.conf
flush;
spdflush;
add 196.30.167.130 196.30.167.200 esp 9991 -m transport -E blowfish-cbc "keyword erased";
add 196.30.167.200 196.30.167.130 esp 9992 -m transport -E blowfish-cbc "keyword erased";
spdadd 196.30.167.130 196.30.167.200 any -P out ipsec esp/transport/196.30.167.130-196.30.167.200/require;
spdadd 196.30.167.200 196.30.167.130 any -P out ipsec esp/transport/196.30.167.200-196.30.167.130/require;
[root@fyre]~# cat /usr/local/etc/ipsec.conf
flush;
spdflush;
add 196.30.167.130 196.30.167.200 esp 9991 -m transport -E blowfish-cbc "keyword erased";
add 196.30.167.200 196.30.167.130 esp 9992 -m transport -E blowfish-cbc "keyword erased";
spdadd 196.30.167.130 196.30.167.200 any -P out ipsec esp/transport/196.30.167.130-196.30.167.200/use;
spdadd 196.30.167.200 196.30.167.130 any -P out ipsec esp/transport/196.30.167.200-196.30.167.130/use;
/j
-- Justin Stanford Internet/Network Security & Solutions Consultant 4D Digital Security http://www.4dds.co.za Cell: (082) 7402741 E-Mail: jus@security.za.net PGP Key: http://www.security.za.net/jus-pgp-key.txt On Mon, 29 Oct 2001, Shoichi Sakane wrote: > > Recently I upgraded my workstation from 4.2-STABLE to 4.4-STABLE. I left > > my ipsec.conf's as they were, expecting all would continue as before.. but > > I seem to have hit a snag. Ever since the upgrade, I have either been > > unable to transfer data in sizeable quantities (more than a few KB) or at > > all between my server or my workstation either direction, whether by ftp, > > scp, http, etc.. upon flushing all IPSec rules, however, things return to > > normal. > > did you configure that there was no inbound security policy both side ? > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
- Next message: Shoichi Sakane: "Re: Upgrade to 4.4-STABLE introduces IPSec problems..?"
- Previous message: root@pop-3.nordnet.fr: "ALERTE: VIRUS DETECTE DANS UN MESSAGE ENVOYE PAR owner-freebsd-security@FreeBSD.ORG"
- In reply to: Shoichi Sakane: "Re: Upgrade to 4.4-STABLE introduces IPSec problems..?"
- Next in thread: Shoichi Sakane: "Re: Upgrade to 4.4-STABLE introduces IPSec problems..?"
- Reply: Shoichi Sakane: "Re: Upgrade to 4.4-STABLE introduces IPSec problems..?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
