From: <len...@pa...> - 2004-08-24 12:58:56
Hi,

When I start racoon, and subsequently check the SPD entries (using a setkey -DP), I notice that, next to the SPDs I set up using setkey -f /etc/racoon/ipsec.conf (containing the SPD entries between 192.168.5.0/24 and 192.168.4.0/24), a bunch of other SPs are set up. When I stop racoon, these 0.0.0.0/0 entries are all gone again. What's the purpose of these entries, why are they there, are they necessary?

192.168.5.0/24[any] 192.168.4.0/24[any] any
	in ipsec
	esp/tunnel/192.168.1.40-192.168.1.30/require
	created: Aug 22 16:02:50 2004  lastused:
	lifetime: 0(s) validtime: 0(s)
	spid=168 seq=9 pid=1870 refcnt=1
192.168.4.0/24[any] 192.168.5.0/24[any] any
	out ipsec
	esp/tunnel/192.168.1.30-192.168.1.40/require
	created: Aug 22 16:02:50 2004  lastused: Aug 22 22:48:56 2004
	lifetime: 0(s) validtime: 0(s)
	spid=161 seq=8 pid=1870 refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
	in none
	created: Aug 24 14:52:31 2004  lastused:
	lifetime: 0(s) validtime: 0(s)
	spid=931 seq=7 pid=1870 refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
	in none
	created: Aug 24 14:52:31 2004  lastused:
	lifetime: 0(s) validtime: 0(s)
	spid=915 seq=6 pid=1870 refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
	in none
	created: Aug 24 14:52:31 2004  lastused:
	lifetime: 0(s) validtime: 0(s)
	spid=899 seq=5 pid=1870 refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
	in none
	created: Aug 24 14:52:31 2004  lastused:
	lifetime: 0(s) validtime: 0(s)
	spid=883 seq=4 pid=1870 refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
	out none
	created: Aug 24 14:52:31 2004  lastused:
	lifetime: 0(s) validtime: 0(s)
	spid=940 seq=3 pid=1870 refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
	out none
	created: Aug 24 14:52:31 2004  lastused:
	lifetime: 0(s) validtime: 0(s)
	spid=924 seq=2 pid=1870 refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
	out none
	created: Aug 24 14:52:31 2004  lastused:
	lifetime: 0(s) validtime: 0(s)
	spid=908 seq=1 pid=1870 refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
	out none
	created: Aug 24 14:52:31 2004  lastused:
	lifetime: 0(s) validtime: 0(s)
	spid=892 seq=0 pid=1870 refcnt=1

Any idea about the 0.0.0.0/0 policies?

cu,
--
len...@pa...
gpg fingerprint: A41E A399 5160 BAB9 AEF1 58F2 B92A F4AB 9FFB 3707
gpg key id: 9FFB3707
"Those who do not understand Unix are condemned to reinvent it, poorly." -- Henry Spencer
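Added example, not part of the original post: a small Python parser for the setkey -DP dump format quoted above. It turns each policy into a record and lists the spids of catch-all entries (0.0.0.0/0 or ::/0 both ways) whose action is "none", i.e. traffic that passes with no IPsec processing, so an SPD can be compared before and after a daemon is started or stopped. The sample dump is constructed from the post's entries.

```python
import re

# Constructed sample in the setkey -DP layout (one tunnel policy plus two of
# the catch-all entries from the post; the full dump had eight of them).
SAMPLE_DUMP = """\
192.168.5.0/24[any] 192.168.4.0/24[any] any
\tin ipsec
\tesp/tunnel/192.168.1.40-192.168.1.30/require
\tcreated: Aug 22 16:02:50 2004  lastused:
\tlifetime: 0(s) validtime: 0(s)
\tspid=168 seq=9 pid=1870 refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
\tin none
\tcreated: Aug 24 14:52:31 2004  lastused:
\tlifetime: 0(s) validtime: 0(s)
\tspid=931 seq=7 pid=1870 refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
\tout none
\tcreated: Aug 24 14:52:31 2004  lastused:
\tlifetime: 0(s) validtime: 0(s)
\tspid=940 seq=3 pid=1870 refcnt=1
"""

# Selector line: "<src>[<port>] <dst>[<port>] <upper-layer protocol>"
SELECTOR_RE = re.compile(r"^([^\s\[]+)\[([^\]]+)\] ([^\s\[]+)\[([^\]]+)\] (\S+)$")
# Direction/action line: "in ipsec", "out none", "fwd discard", ...
DIR_RE = re.compile(r"^(in|out|fwd) (ipsec|none|discard)$")

def parse_spd(dump):
    """Parse a setkey -DP dump into a list of policy dicts (in dump order)."""
    policies, cur = [], None
    for raw in dump.splitlines():
        line = raw.strip()
        if m := SELECTOR_RE.match(line):          # new policy starts here
            cur = {"src": m[1], "dst": m[3], "proto": m[5], "rules": [], "spid": None}
            policies.append(cur)
        elif cur is None:
            continue                                # junk before first selector
        elif m := DIR_RE.match(line):
            cur["dir"], cur["action"] = m[1], m[2]
        elif line.startswith("spid="):
            cur["spid"] = int(line.split()[0].split("=")[1])
        elif "/" in line and not line.startswith("created"):
            cur["rules"].append(line)               # e.g. esp/tunnel/a-b/require
    return policies

def catch_all_bypasses(policies):
    """spids of policies matching all traffic with action 'none' (no IPsec)."""
    wild = {"0.0.0.0/0", "::/0"}
    return [p["spid"] for p in policies
            if p["src"] in wild and p["dst"] in wild and p.get("action") == "none"]
```

Run it against `setkey -DP` output saved to a file once with racoon stopped and once with it running, and diff the two lists of spids and selectors.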