
[Users] kernel 2.2.19, freeswan 1.97, X.509 0.9.12: problem with IKE udp packets

From: Andrea Dell'Amico (adellam_at_link.it)
Date: Thu Jul 04 2002 - 19:40:45 CEST


Hello all,

I'm using freeswan 1.97 with the X.509 0.9.12 and a 2.2.19 kernel. All
is well when I don't filter any traffic. But if I use ipchains to only
enable the udp port 500 (and dns queries, of course), the connection
between two linux hosts, or an ssh sentinel and one linux host, cannot be
established.

The ipchains log is very strange: it seems that some packets are going
from the client to the server and vice versa on udp port 65535, but if I
capture them with tcpdump they look like standard IKE packets from/to
port 500/udp:

Jul 2 12:51:58 gollum kernel: Packet log: input - eth0 PROTO=17 192.168.1.2:65535 192.168.1.1:65535 L=96 S=0x00 I=49048 F=0x00B9 T=64 (#157)
Jul 2 12:52:18 gollum kernel: Packet log: input - eth0 PROTO=17 192.168.1.2:65535 192.168.1.1:65535 L=96 S=0x00 I=49053 F=0x00B9 T=64 (#157)

If I open all the udp traffic from/to 192.168.1.1 and 192.168.1.2 the
connection is immediately established.
Last, I'm seeing the problem only with X.509 certificates. When I use
the freeswan with the X.509 patches but with RSA keys and without
certificates, all goes well with filters enabled.

Any clues?

TYA,
andrea

-- 
Andrea Dell'Amico - Link s.r.l. <http://www.link.it>
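
Added example, not part of the original post: it parses the two ipchains log entries quoted above and decodes the F= field as the IPv4 flags/fragment-offset word, following the ipchains HOWTO's description of the log format. The function names and the 20-byte IP header length (no IP options) are assumptions.

```python
import re

# Constructed sample: the two log entries quoted in the post, one entry per line.
SAMPLE_LOG = """\
Jul 2 12:51:58 gollum kernel: Packet log: input - eth0 PROTO=17 192.168.1.2:65535 192.168.1.1:65535 L=96 S=0x00 I=49048 F=0x00B9 T=64 (#157)
Jul 2 12:52:18 gollum kernel: Packet log: input - eth0 PROTO=17 192.168.1.2:65535 192.168.1.1:65535 L=96 S=0x00 I=49053 F=0x00B9 T=64 (#157)
"""

LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=0x(?P<tos>[0-9A-Fa-f]+) I=(?P<ipid>\d+) "
    r"F=0x(?P<frag>[0-9A-Fa-f]{4}) T=(?P<ttl>\d+)"
)

IP_HEADER_LEN = 20  # assumption: IPv4 header without options


def decode_entry(line):
    """Decode one ipchains 'Packet log' line; return None if it does not match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    frag = int(m["frag"], 16)          # 3 flag bits + 13-bit offset
    offset = (frag & 0x1FFF) * 8       # offset is stored in 8-byte units
    more = bool(frag & 0x2000)         # More Fragments bit
    payload = int(m["length"]) - IP_HEADER_LEN
    return {
        "src": m["src"], "dst": m["dst"], "proto": int(m["proto"]),
        "sport": int(m["sport"]), "dport": int(m["dport"]),
        "ip_id": int(m["ipid"]),
        "dont_fragment": bool(frag & 0x4000),
        "more_fragments": more,
        "offset_bytes": offset,
        "is_later_fragment": offset > 0,
        # Only the last fragment reveals the size of the reassembled IP payload.
        "datagram_payload": None if more else offset + payload,
    }


def decode_log(text):
    """Decode every matching line of a log excerpt."""
    return [e for e in map(decode_entry, text.splitlines()) if e]


if __name__ == "__main__":
    for entry in decode_log(SAMPLE_LOG):
        print(entry)
```

For both quoted entries this yields offset 1480 with the More Fragments bit clear, i.e. the trailing fragment of a UDP datagram whose IP payload is 1556 bytes. A later fragment carries no UDP header of its own, so a rule that matches only on UDP port 500 has no port to match against.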




This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:18 CEST