IPSec with setkey/racoon and multiple single-host SPDs

Suppose you have an IPSec tunnel whose SPD contains two or more single-host entries (/32 hosts, instead of, say, a /24 network). Only one of those hosts will ping after restarting Racoon: if you ping host A first, you can't ping host B later, and vice-versa. This bugged me for a whole morning. I googled a lot and had trouble finding anything, but then found http://lists.freebsd.org/pipermail/freebsd-net/2003-November/002002.html and the answer by Helge Oldach at http://lists.freebsd.org/pipermail/freebsd-net/2003-November/002004.html.
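To make the setup concrete, here is a setkey SPD file for the situation described above. It is an added example, not from the post or the linked thread, and all addresses are constructed placeholders: a 10.0.0.0/24 LAN behind gateway 192.0.2.1 reaches two single hosts (198.51.100.10 and 198.51.100.20) behind gateway 203.0.113.1 through one ESP tunnel, with racoon negotiating the SAs on demand.

```conf
# Added example (not the post's own configuration); addresses are constructed.
flush;
spdflush;

# Host A: outbound and inbound policies through the tunnel
spdadd 10.0.0.0/24 198.51.100.10/32 any -P out ipsec
    esp/tunnel/192.0.2.1-203.0.113.1/require;
spdadd 198.51.100.10/32 10.0.0.0/24 any -P in ipsec
    esp/tunnel/203.0.113.1-192.0.2.1/require;

# Host B: same tunnel endpoints, separate single-host selector
spdadd 10.0.0.0/24 198.51.100.20/32 any -P out ipsec
    esp/tunnel/192.0.2.1-203.0.113.1/require;
spdadd 198.51.100.20/32 10.0.0.0/24 any -P in ipsec
    esp/tunnel/203.0.113.1-192.0.2.1/require;
```

Load it with `setkey -f <file>`, then inspect the policies with `setkey -DP` and the negotiated SAs with `setkey -D`. Dumping the SAD after pinging host A and again after pinging host B shows which SAs racoon actually installed for each policy, which is the quickest way to see whether the second host's traffic is being matched to an SA negotiated for the first.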

Thanks to the KAME people!
