On Wed, Sep 07, 2011 at 07:25:02PM +0200, Markus Friedl wrote:
> On Sat, Aug 27, 2011 at 10:20:38PM +0200, Axel Rau wrote:
> >
> > Am 19.07.2011 um 21:45 schrieb Markus Friedl:
> >
> > > All OpenBSD versions should have this problem as it's due to the way how
> > > IPsec-flows are encoded in the
Am 07.09.2011 um 19:25 schrieb Markus Friedl:
> however, i think this could help Pawel. you need to recompile
> the kernel (and maybe some userland like netstat/route/ipsecctl).
Seems to fix the bug. More testing this evening.
Axel
---
PGP-Key:29E99DD6 b +49 151 2300 9283 b computing @ chaos
On Wed, 7 Sep 2011 22:05:42 +0100, owner-b...@openbsd.org wrote:
> Am 07.09.2011 um 19:25 schrieb Markus Friedl:
>
> > no, that's different. you probably have to setup
> > bypass flows in ipsec.conf.
> I'm using isakmpd.conf and must convert to ipsec.conf to use bypass flows.
No need to touch you
Am 07.09.2011 um 19:25 schrieb Markus Friedl:
> no, that's different. you probably have to setup
> bypass flows in ipsec.conf.
I'm using isakmpd.conf and must convert to ipsec.conf to use bypass flows.
>
> however, i think this could help Pawel. you need to recompile
> the kernel (and maybe some u
On Sat, Aug 27, 2011 at 10:20:38PM +0200, Axel Rau wrote:
>
> Am 19.07.2011 um 21:45 schrieb Markus Friedl:
>
> > All OpenBSD versions should have this problem as it's due to the way how
> > IPsec-flows are encoded in the routing table and I could not find and easy
> > fix.
> Does this explain, w
Am 19.07.2011 um 21:45 schrieb Markus Friedl:
> All OpenBSD versions should have this problem as it's due to the way how
> IPsec-flows are encoded in the routing table and I could not find and easy
> fix.
Does this explain, why I can't reach A from B and vice versa?
In
I think the problem is that the flow with the most specific
source-network wins
Am Donnerstag, 28. Juli 2011 um 14:24 schrieb Pawel Wieleba:
> On Tue, Jul 19, 2011 at 09:33:49PM +0100, Stuart Henderson wrote:
> > On 2011/07/19 21:45, Markus Friedl wrote:
> > > All OpenBSD versions should have
On Tue, Jul 19, 2011 at 09:33:49PM +0100, Stuart Henderson wrote:
> On 2011/07/19 21:45, Markus Friedl wrote:
> > All OpenBSD versions should have this problem as it's due to the way how
> > IPsec-flows are encoded in the routing table and I could not find and easy
> > fix.
>
> The easiest fix if
On 2011/07/19 21:45, Markus Friedl wrote:
> All OpenBSD versions should have this problem as it's due to the way how
> IPsec-flows are encoded in the routing table and I could not find and easy
> fix.
The easiest fix if you control both ends is probably to just use
gif(4) tunnels.
For people who
All OpenBSD versions should have this problem as it's due to the way how
IPsec-flows are encoded in the routing table and I could not find and easy
fix.
On Tue, Jul 19, 2011 at 2:28 PM, Pawel Wieleba
wrote:
> To: gn...@openbsd.org
> Subject: [ipsec routing] IP frame is sent to the wrong IPSEC p
To: gn...@openbsd.org
Subject: [ipsec routing] IP frame is sent to the wrong IPSEC peer when using
srcnat, but it should be routed to the network with the most narrow netmask.
From: p.wiel...@iem.pw.edu.pl
Cc: bugs@openbsd.org
Reply-To: p.wiel...@iem.pw.edu.pl
>Synopsis: [ipsec routing] IP f
11 matches
Mail list logo