Hosting Provided By

linux-ipsec: Relation beteen Pluto & IPSEC?

From: tan xinglie <tansci(at)hotmail.com>
Date: Wed May 27 1998 - 06:13:57 EDT

Dear Sir,

I 've downloaded the example realizaton of ISAKMP:pluto package(0.7) and compiled it using -DJI option .According to the README,I set up the following test environment:

192.168.1.100<--->
FW1(192.168.1.115,192.168.2.1)  <----------->
FW2(192.168.2.2,192.168.3.116)

<--->192.168.3.200

I've tested IPSEC0.7,and it was OK. After running pluto on FW2, I run whack as follows:
FW1#whack 7501 192.168.2.2 7500 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0 encrypt
Things seem OK.
I run whack on machine FW2 as follows: FW1#whack 7501 192.168.2.1 7500 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0 encrypt

Another three SPI s were negotiated(were placed in /proc/net/ipsec-spi):

  192.168.2.1   NewSPI(esp)
  192.168.2.1   NEWSPI(ip-in-ip)
  192.168.2.2   NewSPI(esp)

On FW1 ,the same SAs existed.I read /proc/net/ipsec-route,old SAID(192.168.2.1 old(ip-in-ip spi) is in effect. Would you tell me whether the new SAs is in effect?How and When they are in effect?(Because the old SPIs are in the same place as well). Thank you in advance!

Tan
May 26,1998

Get Your Private, Free Email at http://www.hotmail.com Received on Wed May 27 07:13:29 1998

This message: [ Message body ]
Next message: Hugh Daniel: "FreeS/WAN 0.8 as a SG hard crashes Linux kernel, whee."
Previous message: Hugh Daniel: "Bug in freeswan-0.8's replay is on for hand keyed SA's"
In reply to tan xinglie: "(no subject)"
Reply: Kai Martius: "linux-ipsec: Re: Help on ISAKMP"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:15 EDT