Re: ipsec/ipfilter interaction problem

To: tech-crypto%netbsd.org@localhost
Subject: Re: ipsec/ipfilter interaction problem
From: Christoph Kaegi <kgc%zhwin.ch@localhost>
Date: Fri, 26 Sep 2003 06:20:39 +0200

On 26.09-06:53, Daniel Carosone wrote:
> >    
> > -------------------------------------- 8< 
> > --------------------------------------
> > Sep 25 20:13:45 hostb ipmon[102]: 20:13:44.159219 fxp1 @0:18 b 1.2.3.4,22 
> > -> 5.6.7.8,52161 PR tcp len 20 60 -AS 861376014 1945689524 16384 OUT 
> > -------------------------------------- 8< 
> > --------------------------------------
> > 
> > This means, ipf blocks the packet, before it is IPSEC processed.
> 
> Or it means the packet wasn't IPSEC processed, did the SA die?
> 
> > Running /etc/rc.d/ipsec reload on that machines cures the problem.
> 
> Ahuh, so perhaps the SA did die.
> 

Hm, what does that mean? Can I do something about it, so the SA
doesn't die? Who can it die anyway?

Chris

-- 
----------------------------------------------------------------------
Christoph Kaegi                                           kgc%zhwin.ch@localhost
----------------------------------------------------------------------

Follow-Ups:
- Re: ipsec/ipfilter interaction problem
  - From: Daniel Carosone

References:
- ipsec/ipfilter interaction problem
  - From: Christoph Kaegi
- Re: ipsec/ipfilter interaction problem
  - From: Daniel Carosone

Prev by Date: Re: ipsec/ipfilter interaction problem
Next by Date: Re: ipsec/ipfilter interaction problem
Previous by Thread: Re: ipsec/ipfilter interaction problem
Next by Thread: Re: ipsec/ipfilter interaction problem
Indexes:

Home | Main Index | Thread Index | Old Index