On Sat, Aug 27, 2011 at 10:20:38PM +0200, Axel Rau wrote:
>
> On 19.07.2011 at 21:45, Markus Friedl wrote:
>
> > All OpenBSD versions should have this problem as it's due to the way how
> > IPsec-flows are encoded in the routing table and I could not find an easy
> > fix.
> Does this explain, why I can't reach A from B and vice versa?
no, that's different. you probably have to setup bypass flows in ipsec.conf. however, i think this could help Pawel. you need to recompile the kernel (and maybe some userland like netstat/route/ipsecctl). -m diff --git a/netinet/ip_ipsp.h b/netinet/ip_ipsp.h index 0e9b8a1..86e3655 100644 --- a/netinet/ip_ipsp.h +++ b/netinet/ip_ipsp.h @@ -108,20 +108,20 @@ struct sockaddr_encap { union { struct { /* SENT_IP4 */ u_int8_t Direction; - struct in_addr Src; struct in_addr Dst; + struct in_addr Src; u_int8_t Proto; - u_int16_t Sport; u_int16_t Dport; + u_int16_t Sport; } Sip4; struct { /* SENT_IP6 */ u_int8_t Direction; - struct in6_addr Src; struct in6_addr Dst; + struct in6_addr Src; u_int8_t Proto; - u_int16_t Sport; u_int16_t Dport; + u_int16_t Sport; } Sip6; struct ipsec_policy *PolicyHead; /* SENT_IPSP */
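
Review bot: The reordered members in both Sip4 and Sip6 (Dst now ahead of Src, Dport ahead of Sport) carry no comment saying that their order is significant, so a later cleanup could swap them back without anyone noticing. Since the whole change is a layout change to struct sockaddr_encap, add a short comment above each struct stating that the member order is deliberate and must stay identical between the SENT_IP4 and SENT_IP6 variants. The swap also moves the offsets of Src, Dst, Sport and Dport for anything compiled against the old ip_ipsp.h: the field types are unchanged, so a stale binary would not fail but would read source and destination (and the two ports) exchanged. The accompanying message only says userland "maybe" needs recompiling; it would help to state definitively which consumers of this header (it names netstat, route and ipsecctl) must be rebuilt in step with the kernel.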