On further review of Girish's changes and some testing by the both of
us, the following:
> # ipsecconf -q -a - << EOF
> > {laddr 1.1.1.1 raddr 2.2.2.2} tcpsig {tcpsig_algs md5}
> > EOF
>
> # ipsecconf -l
> #INDEX 9
> { laddr /32 raddr /32 dir out } tcpsig { tcpsig_algs md5 sa shared }
> #INDEX 10
> { laddr /32 raddr /32 dir in } tcpsig { tcpsig_algs md5 sa shared }
>
is a pre-existing condition related to having the local system name be a
fully qualified hostname.
Girish has shown that ipsecconf -ln reports the correct thing in the
kernel and I have changed the hostname to not be fully qualified and this
command works. I've reproduced the problem independently on a stock system.
I'll file a bug against network/ipsec shortly.
Thanks,
Paul
_______________________________________________
networking-discuss mailing list