[alexey's nameserver is off, cc to netdev@xxxxxxxxxxx, perhaps he sees it
there]
On Mon, Nov 11, 2002 at 04:51:36AM +0300, kuznet@xxxxxxxxxxxxx wrote:
> Yes, connect() is broken... The patch is enclosed. Alternatively, you
> could allow connections to remote isakmp ports via policy.
Ok, with careful tuning, it will work now. But not for the general case.
If a policy is setup that only applies to ICMP, IKE converges and works (as
it works over UDP).
I wonder, is 'incoming bypass' implemented yet? If there is an incoming
policy, racoon does not see any traffic.
Key refreshing/updating doesn't appear to work either, after they key has
expired, all bets are off.
Regards,
bert
--
http://www.PowerDNS.com Versatile DNS Software & Services
http://lartc.org Linux Advanced Routing & Traffic Control HOWTO
|
