VPN solution(s) for Fedora Core

James Morris jmorris at redhat.com
Fri May 21 19:22:40 UTC 2004


On Fri, 21 May 2004, Felipe Alfaro Solana wrote:

> However, I must say there are some problems with automatic keying and
> 2.6 kernels regarding the use of ISAKMP/IKE. The problem is that
> settings an SPD between both tunnel end-points causes the first packet
> between any of them to start negotiating the Security Association. But
> the kernel, instead of queueing the packet that triggered the ISAKMP/IKE
> exchange (in order to set up the SA), discards it and returns -EGAIN
> error to the userspace caller which, in turn, translates into "Resource
> temporarily unavailable" for user space programs.

This is a known issue which needs to be fixed in the upstream kernel.


- James
-- 
James Morris
<jmorris at redhat.com>







More information about the fedora-devel-list mailing list