Re: 11.2-RC1 setkey invalid spi ?

Olivier Cochard-Labbé Tue, 12 Jun 2018 07:55:48 -0700

On Tue, Jun 12, 2018 at 4:02 PM Patrick Lamaiziere <patf...@davenulle.org>
wrote:


> Le Tue, 12 Jun 2018 14:34:47 +0200,
> Patrick Lamaiziere <patf...@davenulle.org> a écrit :
>
> Hello
>

Hi Patrick,


>
> Well I can reproduce this problem by using setkey(8) :
>
> /etc/ipsec.conf
> add 129.20.128.78 129.20.128.149 tcp 0x1000 -A tcp-md5 "secret";
> add 129.20.128.149 129.20.128.78 tcp 0x1000 -A tcp-md5 "secret";
>
>
>

You can't no more use the same SPI for these 2 entries (cf the TCP MD5
examples into the setkey man page):

Use TCP MD5 between two numerically specified hosts:
           add 10.1.10.34 10.1.10.36 tcp 0x1000 -A tcp-md5 "TCP-MD5 BGP
secret" ;
           add 10.1.10.36 10.1.10.34 tcp 0x1001 -A tcp-md5 "TCP-MD5 BGP
secret" ;

Regards,

Olivier
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Re: 11.2-RC1 setkey invalid spi ?

Reply via email to