From: tito <ab...@di...> - 2003-09-27 19:39:20
Hi,

As someone posted before, I also have got ipsec working under transport mode in a variety of configurations, but I'm getting a consistent problem attempting to set policy for tunnel mode:

    spdadd 10.1.0.0/24 10.3.0.0/24 any -P out ipsec ah/tunnel/10.2.0.1-10.2.0.2/require;

Network is:

    Host1---------------Router1-------------------Router2-------------------Host2
    10.1.0.0/24         10.2.0.1                  10.2.0.2                  10.3.0.0/24

and the error I get is:

    [root@router1 etc]# setkey -v -c
    spdadd 10.1.0.0/24 10.3.0.0/24 any -P out ipsec ah/tunnel/10.2.0.1-10.2.0.2/require;
    sadb_msg{ version=2 type=14 errno=0 satype=0
      len=15 reserved=0 seq=0 pid=770
    sadb_ext{ len=7 type=18 }
    sadb_x_policy{ type=2 dir=2 id=0 }
     { len=40 proto=51 mode=2 level=2 reqid=0
    sockaddr{ len=16 family=2 port=0
     0a020001 }
    sockaddr{ len=16 family=2 port=0
     0a020002 }
     }
    sadb_ext{ len=3 type=5 }
    sadb_address{ proto=255 prefixlen=24 reserved=0x0000 }
    sockaddr{ len=16 family=2 port=0
     0a010000 }
    sadb_ext{ len=3 type=6 }
    sadb_address{ proto=255 prefixlen=24 reserved=0x0000 }
    sockaddr{ len=16 family=2 port=0
     0a030000 }

    sadb_msg{ version=2 type=14 errno=22 satype=0
      len=2 reserved=0 seq=0 pid=770

    The result of line 2: Invalid argument.

I am using kernel 2.6-test5 with the latest ipsec-tools version available at sourceforge. Am I doing something wrong??? Is this a bug??

Best regards,
TITO.
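For readers of this thread: the following is an added example, not part of the original post or of ipsec-tools, that decodes the numeric fields of the `setkey -v` dump above back into a setkey policy line. The constant tables are taken from RFC 2367 and the KAME/Linux `pfkeyv2.h` and `ipsec.h` headers; the function name `decode` and the regex-based parsing are assumptions of this example.

```python
import errno
import ipaddress
import re

# Numeric values as defined in RFC 2367 and the KAME/Linux pfkeyv2.h and ipsec.h headers.
MSG_TYPE = {13: "SADB_X_SPDUPDATE", 14: "SADB_X_SPDADD", 15: "SADB_X_SPDDELETE"}
PROTO = {50: "esp", 51: "ah", 108: "ipcomp"}
MODE = {0: "any", 1: "transport", 2: "tunnel"}
LEVEL = {0: "default", 1: "use", 2: "require", 3: "unique"}
DIRECTION = {1: "in", 2: "out"}

# Constructed sample: the dump from the post with the quoted-printable escapes decoded.
DUMP = (
    "sadb_msg{ version=2 type=14 errno=0 satype=0 len=15 reserved=0 seq=0 pid=770 "
    "sadb_ext{ len=7 type=18 } sadb_x_policy{ type=2 dir=2 id=0 } "
    "{ len=40 proto=51 mode=2 level=2 reqid=0 "
    "sockaddr{ len=16 family=2 port=0 0a020001 } sockaddr{ len=16 family=2 port=0 0a020002 } } "
    "sadb_ext{ len=3 type=5 } sadb_address{ proto=255 prefixlen=24 reserved=0x0000 } "
    "sockaddr{ len=16 family=2 port=0 0a010000 } "
    "sadb_ext{ len=3 type=6 } sadb_address{ proto=255 prefixlen=24 reserved=0x0000 } "
    "sockaddr{ len=16 family=2 port=0 0a030000 } "
    "sadb_msg{ version=2 type=14 errno=22 satype=0 len=2 reserved=0 seq=0 pid=770")

def decode(dump):
    """Return one dict per sadb_msg; a policy message is rendered back as a setkey line."""
    out = []
    for chunk in dump.split("sadb_msg{")[1:]:
        head = chunk.split("sadb_ext{")[0]  # base header fields only
        hdr = {k: int(v) for k, v in re.findall(r"\b(type|errno|len)=(\d+)", head)}
        msg = {"type": MSG_TYPE.get(hdr["type"], hdr["type"]),
               "bytes": hdr["len"] * 8,  # sadb_msg_len counts 64-bit words
               "errno": errno.errorcode.get(hdr["errno"])}  # None when errno=0
        pol = re.search(r"sadb_x_policy\{ type=2 dir=(\d+).*?proto=(\d+) mode=(\d+) level=(\d+)", chunk, re.S)
        if pol:  # policy type=2 is IPSEC_POLICY_IPSEC
            d, p, m, lvl = map(int, pol.groups())
            addrs = [str(ipaddress.IPv4Address(int(h, 16))) for h in re.findall(r"\b([0-9a-f]{8}) \}", chunk)]
            plen = re.findall(r"prefixlen=(\d+)", chunk)
            ul = re.search(r"sadb_address\{ proto=(\d+)", chunk).group(1)  # 255 is IPSEC_ULPROTO_ANY
            msg["policy"] = (f"spdadd {addrs[2]}/{plen[0]} {addrs[3]}/{plen[1]} "
                             f"{'any' if ul == '255' else ul} -P {DIRECTION[d]} ipsec "
                             f"{PROTO[p]}/{MODE[m]}/{addrs[0]}-{addrs[1]}/{LEVEL[lvl]};")
        out.append(msg)
    return out

if __name__ == "__main__":
    for message in decode(DUMP):
        print(message)
```

The first message decodes to exactly the `spdadd` line that was typed, and `errno=22` (EINVAL) appears only in the second message, which is 16 bytes long: a bare base header, the form RFC 2367 specifies for PF_KEY error returns.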