[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Deleting IPSec flows

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: Deleting IPSec flows
From: Greg Thomas <getbsd_(_at_)_sbcglobal_(_dot_)_net>
Date: Tue, 19 Nov 2002 13:23:08 -0800

On Tuesday, Nov 19, 2002, at 06:59 US/Pacific, Hakan Olsson wrote:

On Mon, 18 Nov 2002, Greg Thomas wrote:
I screwed up and entered a couple of netmasks wrong but for the life of me I can't figure out how to get them deleted. Here's one of the offending flows (note the mask of 255.255.255.255 even though it's for a network):
Encap:
Source             Port  Destination        Port  Proto
SA(Address/Proto/Type/
Direction)
0/0                0     192.168.2.0/32     0     0
192.168.1.1/50/use/in
I've tried the following (with error messages shown):
root_(_at_)_oats:/root# ipsecadm flow -dst 192.168.1.1 -proto esp \
-addr 192.168.2.0 255.255.255.255 0.0.0.0 0.0.0.0 \
Did you try to switch src and dst above? I.e
 -addr 0.0.0.0 0.0.0.0 192.168.2.0 255.255.255.255
("-addr 0/0 192.168.2.0/32" should work as well nowadays)
-delete -in
pfkey: No such process

Thanks, I had gone ahead and started over last night but this morning I made another mistake. I had no problem's deleting the flow even with the -addr 0/0 192.168.2.0/32 notation. I've just got to pay closer attention to the src and dst.

Greg

Prev by Date: Re: opengk
Next by Date: Hey guys, don't buy from CDW
Previous by thread: Deleting IPSec flows
Next by thread: Re: package and port paranoia
Index(es):
- Date
- Thread

Visit your host, monkey.org