[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(usagi-users 02806) ipsec manual keying, howto set SPD?

To: usagi-users@xxxxxxxxxxxxxx
Subject: (usagi-users 02806) ipsec manual keying, howto set SPD?
From: Reiko MORI <senlizi@xxxxxxxxxxx>
Date: Wed, 18 Feb 2004 20:22:37 +0900
Reply-to: usagi-users@xxxxxxxxxxxxxx
Resent-date: Wed, 18 Feb 2004 21:42:28 +0900
Resent-from: sekiya@xxxxxxxxxxxxxx
Resent-message-id: <200402182142.FMLAAB13957.usagi-users@linux-ipv6.org>
Resent-to: usagi-users@xxxxxxxxxxxxxx (moderated)
Sender: mori.reiko@xxxxxxxxxxxxxxxx

I'm tring to do TAHI conformance test for IPsec, but it always fail
*only if* I omit "--policy bypass" from the pfkey command. (shown below)

$pfkey --append sp --type esp  --protocol any \
 --src 3ffe:501:ffff:ff05:200:ff:fe00:c1c1/128 \
 --dst 3ffe:501:ffff:ff03:204:d5ff:fe00:198/128 [--policy bypass]

As I believe, above setting is equivalent with this instruction
except the "bypass" option:
 - source address          HOST1_NET5 (as specified in --src)
 - destination address     NUT_NET3   (as specified in --dst)
 - upper spec              any
 - direction               in
 - protocol                ESP
 - mode                    transport

Could you tell me what is wrong with my pfkey operation? Or, it is 
very appreciated if you can suggest me where should I look for 
further investigation.

Sincerely,
Reiko M

PS: pfkey version is 1.13.4.1.


----
Reiko MORI <senlizi@xxxxxxxxxxx>
from Yokohama, Japan
PGP key fingerprint: AABB 4773 48F2 48E8 3604  F7D7 8D91 47F6 AC57 6F2B

Prev by Date: (usagi-users 02805) Release Notes of last TAHI Test Event
Next by Date: (usagi-users 02807) Re: IPv4-over-IPv6-Tunnel
Previous by thread: (usagi-users 02805) Release Notes of last TAHI Test Event
Next by thread: (usagi-users 02808) TAHI conformance test
Index(es):
- Date
- Thread