Subject: Re: ipsec/ipfilter interaction problem
To: None <tech-crypto@netbsd.org>
From: Christoph Kaegi <kgc@zhwin.ch>
List: tech-crypto
Date: 09/26/2003 06:20:39

On 26.09-06:53, Daniel Carosone wrote:
> >
> > -------------------------------------- 8< --------------------------------------
> > Sep 25 20:13:45 hostb ipmon[102]: 20:13:44.159219 fxp1 @0:18 b 1.2.3.4,22 -> 5.6.7.8,52161 PR tcp len 20 60 -AS 861376014 1945689524 16384 OUT
> > -------------------------------------- 8< --------------------------------------
> >
> > This means, ipf blocks the packet, before it is IPSEC processed.
>
> Or it means the packet wasn't IPSEC processed, did the SA die?
>
> > Running /etc/rc.d/ipsec reload on that machines cures the problem.
>
> Ahuh, so perhaps the SA did die.
>
Hm, what does that mean? Can I do something about it, so the SA
doesn't die? How can it die anyway?

Chris
--
----------------------------------------------------------------------
Christoph Kaegi kgc@zhwin.ch
----------------------------------------------------------------------