Realistically, what real-world problem are you trying to solve by doing this?
We are in the process of making our system ipsecv3 compatible, i.e., we are
ensuring all the requirements defined by UNH for isecv3 are met.
You used ipsecconf(1M)'s code/type keywords, right?
Yes, We used ipsecconf(1M)'s Code/Type. Type 128 and 129(for echo request and
reply
reply respectively)
Issue Description
Configuring the system under test with SA1 and SA2 fails i.e., incoming for
echo
request & reply with different algorithms for Encryption and Authentication is
unsuccessful. Same is the case with outgoing packets
After configuring the system with SA1 & SA2, all incoming echo request and echo
reply
messages are getting converted to ESP packets(Observed using snoop) but are
getting
dropped, as such ping to the destination system is failing.
Following are the lines added in /etc/inet/ipsecinit.conf
{ulp ipv6-icmp type 128 code 0 dir in} ipsec {encr_algs 3des encr_auth_algs
sha1 sa shared}
{ulp ipv6-icmp type 129 code 0 dir in} ipsec {encr_algs aes encr_auth_algs
sha256 sa shared}
--
This message posted from opensolaris.org
_______________________________________________
networking-discuss mailing list
[email protected]
