On Thu, Aug 19, 2004 at 10:07:11AM -0300, Martín Chikilian wrote:
I think it is, but in doubt, so accept it explicitly with iptables -A INPUT -p esp -s ip -j ACCEPT
What are the default policies for your fw ???
The default policy is DROP.
Is the ESP protocol being accepted to initiator's machine ??
Everything originating from the other side is accepted, as far as I know, by this rule ... or do I need to explicitly specify something for ipsec to be accepted? Accepting everything with ip-address of the other side should be enough, right?
If this doesn't work, check isakmp.c at line 253, check_recvdpkt ()
On Thu, Aug 19, 2004 at 09:53:51AM -0300, Martín Chikilian wrote:
Maybe fw rules at responder's side ???
The responder's firewall is configured to accept all packets from the initiator's ip address... iptables -t filter -A INPUT -s 82.210.90.xxx -j ACCEPT, so that should cover everything...
found at http://idsa.irisa.fr/cgi-bin/kame/http/source/kame/kame/racoon/isakmp.c
or in your racoon source, and timers in your racoon.conf
Ciao, Martin