[redhat-lspp] using ah and esp protocols in ipsec

Joy Latten latten at austin.ibm.com
Tue Oct 17 21:59:10 UTC 2006


On Mon, 2006-10-16 at 18:56 -0500, Klaus Weidner wrote:
> On Mon, Oct 16, 2006 at 05:20:46PM -0500, Joy Latten wrote:
> > When ipsec policy is specified as:
> >  
> >  spdadd 9.3.189.57 9.3.192.210 any 
> >  -ctx 1 1 "system_u:object_r:passwd_t:s3" 
> >  -P out ipsec
> >  esp/transport//require ah/transport//require;
> > 
> > Since I specified both esp and ah protocols,
> > racoon created 4 SAs, 2 for esp and 2 for AH.
> > All four SAs created had the following security context:
> > security context: root:sysadm_r:ping_t:s0-s15:c0.c1023
> > (A ping resulted in the SAs being created.)
> 
> Can you try establishing the SA by using a TCP connection instead of
> ping, for example from a "s2" or "s3" process in this case? Does that
> make any difference?
> 

This morning I realized I was using Eric's kernel and had not updated to
Steve's latest 52 kernel. So I downloaded and installed the 52 kernel and
now cannot get labeled or non-labeled ipsec to work at all. Let me
figure out what I am doing wrong and then I'll try and answer your
question.

Joy 



