IPSEC - tcp port match



Hello.

I try to configure IPSEC to bybass ssh protocol. For example:

setkey -FP
setkey -F
setkey -c << EOF
spdadd 10.1.1.1/32 10.6.10.50[22] tcp -P in none ;
spdadd 10.1.1.1/32 10.6.10.50 tcp -P in ipsec ah/transport//require ;
EOF

(Pass incoming ssh packets to 10.6.10.50, block other tcp packets)

This works under fresh 7-CURRENT(FAST_IPSEC). On fresh 6-STABLE (neither
FAST_IPSEC nor KAME IPSEC) it doesn't work, first string
"spdadd 10.1.1.1/32 10.6.10.50[22] tcp -P in none" never matches.

Is it bug in 6-STABLE or I missing something?
Does anybody successfuly use IPSEC with tcp port matching under 6-STABLE?

--
Gennady
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"



Relevant Pages