On Wed, Sep 07, 2011 at 07:25:02PM +0200, Markus Friedl wrote:
> On Sat, Aug 27, 2011 at 10:20:38PM +0200, Axel Rau wrote:
> >
> > Am 19.07.2011 um 21:45 schrieb Markus Friedl:
> >
> > > All OpenBSD versions should have this problem as it's due to the way how
> > > IPsec-flows are encoded in the routing table and I could not find and easy
> > > fix.
> > Does this explain, why I can't reach A from B and vice versa?
>
> no, that's different. you probably have to setup
> bypass flows in ipsec.conf.
>
> however, i think this could help Pawel. you need to recompile
> the kernel (and maybe some userland like netstat/route/ipsecctl).
>
> -m
>
>
> diff --git a/netinet/ip_ipsp.h b/netinet/ip_ipsp.h
> index 0e9b8a1..86e3655 100644
> --- a/netinet/ip_ipsp.h
> +++ b/netinet/ip_ipsp.h
> @@ -108,20 +108,20 @@ struct sockaddr_encap {
[...]
Hello Markus,
The above patch fixes the problem, which I reported. Thanks. The life
is easier now :-).
I've tested it on OpenBSD 4.9 with the rebuilt GENERIC kernel only.
Are you going to commit the patch to CVS?
Best Regards,
Pawel Wieleba
