Re: IPSec / Linux2.6

On Wed, 2003-08-27 at 10:50, Nico Schottelius wrote:
> After changing the policy to:
> KeyNote-Version: 2
> Comment: This policy accepts ESP SAs from a remote that uses the right password
> $OpenBSD: policy,v 1.6 2001/06/20 16:36:19 angelos Exp $
> $EOM: policy,v 1.6 2000/10/09 22:08:30 angelos Exp $
> Authorizer: "POLICY"
> Licensees: "passphrase:keinpasswort"
> #Conditions: app_domain == "IPsec policy" &&
> #           esp_present == "yes" &&
> #           esp_enc_alg == "aes" &&
> #            esp_auth_alg == "hmac-sha" -> "true";
> 
> I get another error:
> 
> bruehe:/etc/isakmpd# isakmpd -d
> 104948.995307 Default pf_key_v2_flow: SPDADD: Invalid argument

Ah, that's definitely linked to the ABI changes ;) I didn't test on
test-4 yet. Thanks for the report.

> 
> (on both sides)
> what am I missing now?
> 
> Nico
> 
> 
> Jean-Francois Dive [Wed, Aug 27, 2003 at 07:35:48AM +0200]:
> > The kernel changes have nothing to do with this, this is an SA negotiation
> > issue (purely process level). When I updated the Debian package, I
> > noticed that sometimes the keynote policy check failed for no reason. Try
> > to define an accept all in the policy file and it should work properly,
> > this as a workaround.
> 
> when will you fix it ? :)

Working on it. The keynote library is not what I can call an easy and
straightforward thing to get into.

> 
> Nico
-- 

-> Jean-Francois Dive
--> jef@linuxbe.org

  There is no such thing as randomness.  Only order of infinite
  complexity. - Marquis de LaPlace - deterministic Principles - 

