Re: Is TCP over IPsec broken in 2.6.18?

Is TCP over IPsec broken in 2.6.18? · Evgeniy Polyakov <hidden> · 2006-09-22
Re: Is TCP over IPsec broken in 2.6.18? · Evgeniy Polyakov <hidden> · 2006-09-22
Re: Is TCP over IPsec broken in 2.6.18? · Evgeniy Polyakov <hidden> · 2006-09-22
Re: Is TCP over IPsec broken in 2.6.18? · Patrick McHardy <hidden> · 2006-09-22
Re: Is TCP over IPsec broken in 2.6.18? · Evgeniy Polyakov <hidden> · 2006-09-22
Re: Is TCP over IPsec broken in 2.6.18? · James Morris <jmorris@namei.org> · 2006-09-22
Re: Is TCP over IPsec broken in 2.6.18? · James Morris <jmorris@namei.org> · 2006-09-22
Re: Is TCP over IPsec broken in 2.6.18? · Evgeniy Polyakov <hidden> · 2006-09-23
Re: Is TCP over IPsec broken in 2.6.18? · James Morris <jmorris@namei.org> · 2006-09-24
Re: Is TCP over IPsec broken in 2.6.18? · Patrick McHardy <hidden> · 2006-09-24
Re: Is TCP over IPsec broken in 2.6.18? · James Morris <jmorris@namei.org> · 2006-09-24
Re: Is TCP over IPsec broken in 2.6.18? · Herbert Xu <herbert@gondor.apana.org.au> · 2006-09-24

From: James Morris <jmorris@namei.org>
Date: 2006-09-24 14:33:41

On Sun, 24 Sep 2006, Patrick McHardy wrote:

James Morris wrote:

quoted

On Sat, 23 Sep 2006, Evgeniy Polyakov wrote:

quoted

I never saw unencrypted packets before.


It's normal and expected, perhaps you didn't notice or had tcpdump 
filtering them.

He's talking about transport mode, unencrypted packet should
only be visible in tunnel mode.

Ok.

I've done some more testing with local tcpdumps and not seeing any issues.

Evgeniy: if you update to the latest racoon (and kernel), and still see 
it, please send complete logs of 'racoon -dddd' from each side, and also 
'setkey -x', so we can see if the policy entries are being being modified.


- James
-- 
James Morris
[off-list ref]

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help