On Wed, Sep 07, 2011 at 07:25:02PM +0200, Markus Friedl wrote: > On Sat, Aug 27, 2011 at 10:20:38PM +0200, Axel Rau wrote: > > > > Am 19.07.2011 um 21:45 schrieb Markus Friedl: > > > > > All OpenBSD versions should have this problem as it's due to the way how > > > IPsec-flows are encoded in the routing table and I could not find and easy > > > fix. > > Does this explain, why I can't reach A from B and vice versa? > > no, that's different. you probably have to setup > bypass flows in ipsec.conf. > > however, i think this could help Pawel. you need to recompile > the kernel (and maybe some userland like netstat/route/ipsecctl). > > -m > > > diff --git a/netinet/ip_ipsp.h b/netinet/ip_ipsp.h > index 0e9b8a1..86e3655 100644 > --- a/netinet/ip_ipsp.h > +++ b/netinet/ip_ipsp.h > @@ -108,20 +108,20 @@ struct sockaddr_encap {
[...] Hello Markus, The above patch fixes the problem, which I reported. Thanks. The life is easier now :-). I've tested it on OpenBSD 4.9 with the rebuilt GENERIC kernel only. Are you going to commit the patch to CVS? Best Regards, Pawel Wieleba