[Ipsec-tools-devel] racoon and SPD entries

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi,

When I start racoon, and subsequently check the SPD entries (using a
setkey -DP), I notice that, next to the SPDs I setup using setkey -f
/etc/racoon/ipsec.conf (containing the SPD entries between
192.168.5.0/24 and 192.168.4.0/24), a bunch of other SPs are
setup. When I stop racoon, these 0.0.0.0/0 entries are all gone
again. What's the purpose of these entries, why are they there, are
they necessary?

192.168.5.0/24[any] 192.168.4.0/24[any] any
        in ipsec
        esp/tunnel/192.168.1.40-192.168.1.30/require
        created: Aug 22 16:02:50 2004  lastused:                    =20
        lifetime: 0(s) validtime: 0(s)
        spid=3D168 seq=3D9 pid=3D1870
        refcnt=3D1
192.168.4.0/24[any] 192.168.5.0/24[any] any
        out ipsec
        esp/tunnel/192.168.1.30-192.168.1.40/require
        created: Aug 22 16:02:50 2004  lastused: Aug 22 22:48:56 2004
        lifetime: 0(s) validtime: 0(s)
        spid=3D161 seq=3D8 pid=3D1870
        refcnt=3D1
0.0.0.0/0[any] 0.0.0.0/0[any] any
        in none
        created: Aug 24 14:52:31 2004  lastused:                    =20
        lifetime: 0(s) validtime: 0(s)
        spid=3D931 seq=3D7 pid=3D1870
        refcnt=3D1
0.0.0.0/0[any] 0.0.0.0/0[any] any
        in none
        created: Aug 24 14:52:31 2004  lastused:                    =20
        lifetime: 0(s) validtime: 0(s)
        spid=3D915 seq=3D6 pid=3D1870
        refcnt=3D1
0.0.0.0/0[any] 0.0.0.0/0[any] any
        in none
        created: Aug 24 14:52:31 2004  lastused:                    =20
        lifetime: 0(s) validtime: 0(s)
        spid=3D899 seq=3D5 pid=3D1870
        refcnt=3D1
0.0.0.0/0[any] 0.0.0.0/0[any] any
        in none
        created: Aug 24 14:52:31 2004  lastused:                    =20
        lifetime: 0(s) validtime: 0(s)
        spid=3D883 seq=3D4 pid=3D1870
        refcnt=3D1
0.0.0.0/0[any] 0.0.0.0/0[any] any
        out none
        created: Aug 24 14:52:31 2004  lastused:                    =20
        lifetime: 0(s) validtime: 0(s)
        spid=3D940 seq=3D3 pid=3D1870
        refcnt=3D1
0.0.0.0/0[any] 0.0.0.0/0[any] any
        out none
        created: Aug 24 14:52:31 2004  lastused:                    =20
        lifetime: 0(s) validtime: 0(s)
        spid=3D924 seq=3D2 pid=3D1870
        refcnt=3D1
0.0.0.0/0[any] 0.0.0.0/0[any] any
        out none
        created: Aug 24 14:52:31 2004  lastused:                    =20
        lifetime: 0(s) validtime: 0(s)
        spid=3D908 seq=3D1 pid=3D1870
        refcnt=3D1
0.0.0.0/0[any] 0.0.0.0/0[any] any
        out none
        created: Aug 24 14:52:31 2004  lastused:                    =20
        lifetime: 0(s) validtime: 0(s)
        spid=3D892 seq=3D0 pid=3D1870
        refcnt=3D1

Any idea about the 0.0.0.0/0 policies?

cu,

--=20
len...@pa...

gpg fingerprint: A41E A399 5160 BAB9 AEF1  58F2 B92A F4AB 9FFB 3707
gpg key id: 9FFB3707

Those who do not understand Unix are condemned to reinvent it, poorly."
-- Henry Spencer