On Sat, Aug 27, 2011 at 10:20:38PM +0200, Axel Rau wrote:
>
> On 19.07.2011 at 21:45, Markus Friedl wrote:
>
> > All OpenBSD versions should have this problem as it's due to the way
> > IPsec-flows are encoded in the routing table and I could not find an easy
> > fix.
> Does this explain why I can't reach A from B and vice versa?
no, that's different. you probably have to set up
bypass flows in ipsec.conf.
however, i think this could help Pawel. you need to recompile
the kernel (and maybe some userland like netstat/route/ipsecctl).
-m
diff --git a/netinet/ip_ipsp.h b/netinet/ip_ipsp.h
index 0e9b8a1..86e3655 100644
--- a/netinet/ip_ipsp.h
+++ b/netinet/ip_ipsp.h
@@ -108,20 +108,20 @@ struct sockaddr_encap {
union {
struct { /* SENT_IP4 */
u_int8_t Direction;
- struct in_addr Src;
struct in_addr Dst;
+ struct in_addr Src;
u_int8_t Proto;
- u_int16_t Sport;
u_int16_t Dport;
+ u_int16_t Sport;
} Sip4;
struct { /* SENT_IP6 */
u_int8_t Direction;
- struct in6_addr Src;
struct in6_addr Dst;
+ struct in6_addr Src;
u_int8_t Proto;
- u_int16_t Sport;
u_int16_t Dport;
+ u_int16_t Sport;
} Sip6;
struct ipsec_policy *PolicyHead; /* SENT_IPSP */
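Review bot: The reordered members in Sip4 and Sip6 (Dst now before Src, Dport now before Sport) carry no comment saying that their order is significant, so a later cleanup could restore the conventional source-first order without anyone noticing. Since the message above ties the problem to how IPsec flows are encoded in the routing table, add a short comment above each struct stating that member order is part of that encoding. The swap also moves the offsets of Src/Dst and Sport/Dport for every consumer of this header while leaving the struct size unchanged, because only same-typed members trade places; a userland binary built against the old header would keep running and read source and destination exchanged, so the commit message should state that the kernel and the tools that include this header (netstat, route and ipsecctl are named above) have to be rebuilt together.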