
(racoon 83) generate_policy for anonymous connections



Hi there!

First of all: thanks a lot for your hint with the "unique" SPD entries! It seems to work quite well now.

Now I've got another problem (still using KAME/racoon from Mac OS X):
I'm trying to allow a server to accept connections from clients with dynamically assigned IP addresses. I've created suitable anonymous remote and sainfo blocks in my racoon.conf (exchange_mode aggressive, my_identifier and peers_identifier as FQDN with pre-shared keys) and set "passive on" and "generate_policy on". The connection comes up without problems ("IPsec-SA established"); however, the SPD entries are not being generated.
racoon says: "no policy found, try to generate the policy : 192.168.40.111/32[0] 192.168.1.0/24[0] proto=any dir=in"
But no such thing seems to happen. setkey -DP returns nothing. If I manually add suitable in- and outbound policies, it all works as expected.


Am I misinterpreting the generate_policy option?

Thanks a lot!
Frederik