Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

#23 IPSec suport for SCTP

setkey
closed
nobody
5
2009-01-16
2005-09-23
Anonymous
No

HI

My configuration is :
Red Hat Linux (kernel 2.6.8.1)
ipsec-tool 0.6.1

I am trying to give protocol as sctp while adding my SP
using command in file setkey.conf

========================================
At : 172.16.10.155 ( m/c A )

spdadd 172.16.10.155 172.16.10.154 sctp -P out ipsec
esp/transport//require;

spdadd 172.16.10.154 172.16.10.155 sctp -P in ipsec
esp/transport//require;

========================================
At : 172.16.10.154 ( m/c B )

spdadd 172.16.10.154 172.16.10.155 sctp -P out ipsec
esp/transport//require;

spdadd 172.16.10.155 172.16.10.154 sctp -P in ipsec
esp/transport//require;

========================================

But when i try to make SCTP connection the ethereal
shows the SCTP INIT chunk is sent i.e it was not
encrypted but the other machine also not respond to the
INIT message. so connection was NOT established.
I have tried sending INIT from m/c A to B and also from
m/c B to A. But the result is same.
But as soon as I remove the rules(setkey.conf) from one
side which is getting INIT it sends the INIT ACK but the
side receiving INIT-ACK does not acknoledge it.

After removing the rules from both side it works fine.

I have also tried giving protocol number 132 of sctp as
shown below but it too does not work.

spdadd 172.16.10.155 172.16.10.154 132 -P out ipsec
esp/transport//require;

I am also able to setup the SCTP connection by
using "any" in spdadd command as protocol.

Please tell me what is happening. Do we not support the
SCTP or how can we give rule for SCTP

Regards,
Ashwani Kathuria

Discussion

  • Timo Teras
    Timo Teras
    2009-01-16

    • status: open --> closed
     
  • Timo Teras
    Timo Teras
    2009-01-16

    Closing all sourceforge.net bugs. If this issue has not been cared for please submit a new bug report to https://trac.ipsec-tools.net/ issue tracker. Thank you.