IPSEC - tcp port match


I am trying to configure IPSEC to bypass the ssh protocol. For example:

setkey -FP
setkey -F
setkey -c << EOF
spdadd[22] tcp -P in none ;
spdadd tcp -P in ipsec ah/transport//require ;

(Pass incoming ssh packets to, block other tcp packets)

This works under fresh 7-CURRENT (FAST_IPSEC). On fresh 6-STABLE (neither
FAST_IPSEC nor KAME IPSEC) it doesn't work; the first string
"spdadd[22] tcp -P in none" never matches.

Is it a bug in 6-STABLE or am I missing something?
Does anybody successfully use IPSEC with tcp port matching under 6-STABLE?
