| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20101208071109.GA14537@gondor.apana.org.au> Date: Wed, 8 Dec 2010 15:11:09 +0800 From: Herbert Xu <herbert@...dor.apana.org.au> To: latten@...tin.ibm.com Cc: netdev@...r.kernel.org, samudrala@...ibm.com, rashmin@...ibm.com Subject: Re: IPsecv6 tunnel mode fragmentation Joy Latten <latten@...tin.ibm.com> wrote: > > We have come across an ipsec problem that I think was > noted a while back in the following link. > http://www.mail-archive.com/netdev@vger.kernel.org/msg61659.html Looks like a configuration issue to me. One end is using the same IP address (*::1234) both within and outside the tunnel. Thus when the ICMP error message is sent it ends up outside the tunnel causing it to be discarded by the other side. So if you're using tunnel mode you really should use distinct IP addresses. Cheers, -- Email: Herbert Xu <herbert@...dor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists