From: Terry M. <te...@av...> - 2009-12-22 00:38:27
I am using ipsec-tools 0.7.3 with Linux kernel 2.6.27.

When I use "generate_policy on;" in my responder racoon.conf, and policy

...... ipcomp/tunnel/x.x.x.x-x.x.x.x/use esp/transport//require;

Then the generated policy at my responder is

...ipcomp/tunnel/x.x.x.x-x.x.x.x/require ......

If I manually set ipcomp policy at my responder to "use" then my ipcomp tunnel works as expected.

Is racoon generate_policy not able to set "use"? Or does it always assume "require" or "unique"?

Terry

From: VANHULLEBUS Y. <va...@fr...> - 2009-12-22 10:56:12
Hi.

On Mon, Dec 21, 2009 at 06:42:58PM -0500, Terry Markovich wrote:
> I am using ipsec-tools 0.7.3 with Linux kernel 2.6.27
>
> When I use "generate_policy on;" in my responder racoon.conf, and policy
>
> ...... ipcomp/tunnel/x.x.x.x-x.x.x.x/use esp/transport//require;

I'm not sure generate_policy works with complex policies, could someone else confirm that?

> Then the generated policy at my responder is
> ...ipcomp/tunnel/x.x.x.x-x.x.x.x/require ......
>
> If I manually set ipcomp policy at my responder to "use" then my ipcomp tunnel
> works as expected.
>
> Is racoon generate_policy not able to set "use"? Or does it always assume
> "require" or "unique"?

Actually, racoon can only generate "require" or "unique" policies, but it should be quite simple to patch it to also be able to generate "use" policies.

Yvan.