IPSec with setkey/racoon and multiple single-host SPDs

Suppose you have an IPSec tunnel with two or more single-hosts (instead of, say, a /24 network). Only one host will ping after restarting Racoon. If you ping host A first, you can’t ping host B later, and vice-versa. This has bugged me for a whole morning. I googled for this a lot and had trouble finding anything, but then found http://lists.freebsd.org/pipermail/freebsd-net/2003-November/002002.html and the answer by Helge Oldach at http://lists.freebsd.org/pipermail/freebsd-net/2003-November/002004.html.

Thanks to the KAME people!

Leave a Reply