[redhat-lspp] using ah and esp protocols in ipsec

Klaus Weidner klaus at atsec.com
Mon Oct 16 23:56:42 UTC 2006


On Mon, Oct 16, 2006 at 05:20:46PM -0500, Joy Latten wrote:
> When ipsec policy is specified as:
>  
>  spdadd 9.3.189.57 9.3.192.210 any 
>  -ctx 1 1 "system_u:object_r:passwd_t:s3" 
>  -P out ipsec
>  esp/transport//require ah/transport//require;
> 
> Since I specified both esp and ah protocols,
> racoon created 4 SAs, 2 for esp and 2 for AH.
> All four SAs created had the following security context:
> security context: root:sysadm_r:ping_t:s0-s15:c0.c1023
> (A ping resulted in the SAs being created.)

Can you try establishing the SA by using a TCP connection instead of
ping, for example from a "s2" or "s3" process in this case? Does that
make any difference?

-Klaus



