| To: | Patrick McHardy <kaber@xxxxxxxxx> |
|---|---|
| Subject: | Re: [Ipsec-tools-devel] Re: [PATCH 2.6]: Check against correct policy list in ip_forward/ip6_forward |
| From: | Aidas Kasparas <a.kasparas@xxxxxx> |
| Date: | Tue, 19 Oct 2004 18:57:19 +0300 |
| Cc: | netdev@xxxxxxxxxxx, ipsec-tools-devel@xxxxxxxxxxxxxxxxxxxxx |
| In-reply-to: | <417534F1.1010401@xxxxxxxxx> |
| References: | <4172943B.8050904@xxxxxxxxx> <20041017212317.GA28615@xxxxxxxxxxxxxxxxxxx> <4172F1AB.4020305@xxxxxxxxx> <20041017231258.GA29294@xxxxxxxxxxxxxxxxxxx> <4175334B.3000504@xxxxxx> <417534F1.1010401@xxxxxxxxx> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
| User-agent: | Mozilla Thunderbird 0.8 (X11/20040918) |

Patrick McHardy wrote:

> Aidas Kasparas wrote:
>
>> I'm sorry, what is wrong with racoon?
>
> When generate_policy is set to on racoon doesn't generate forward policies for tunnel mode SAs, so traffic forwarded from a tunnel is not subject to policy checks.

Patrick,
what _forward_ policies should racoon generate? And WHY?!
Could you please specify for the case when:
- remote host has address A.A.A.A
- security gateway has insecure address B.B.B.B
- secured network is C.C.C.0/24, security gateway's address C.C.C.C
what policies in your opinion have to be inserted into SPD for this
setup by racoon?
Thanks in advance.

> I have a patch which fixes this, I will post it in a couple of days.
>
> Regards
> Patrick

--
Aidas Kasparas
IT administrator
GM Consult Group, UAB