[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ipsec questions/bugs/fixes (PF_KEY/PF_ENCAP)

To: Niels Provos <provos@citi.umich.edu>
Subject: Re: ipsec questions/bugs/fixes (PF_KEY/PF_ENCAP)
From: Markus Friedl <markus.friedl@informatik.uni-erlangen.de>
Date: Tue, 2 Mar 1999 21:12:14 +0100
Cc: tech@openbsd.org
References: <199903021704.SAA18545@faui45.informatik.uni-erlangen.de>

On Tue, Mar 02, 1999 at 12:03:30PM -0500, Niels Provos wrote:
> You forgot to specify the IV for the transforms. PF_ENCAP was
> able to do IV-less mode by deriving an IV from the packet headers.
> We dont do that any more with PFKEYv2.
> So just modify your scripts to include a -iv line:

thanks, now it works.
i had to specify an IV for NEW_ESP on the PF_ENCAP machine.

-markus

Prev by Date: Re: ipsec questions/bugs/fixes (PF_KEY/PF_ENCAP)
Next by Date: runaway shell (tcsh) processes and load average
Prev by thread: Re: ipsec questions/bugs/fixes (PF_KEY/PF_ENCAP)
Next by thread: Re: Real time clock too fast under OBSD
Index(es):
- Date
- Thread