From owner-freebsd-questions Thu Jul 26 8:30:34 2001
Message-ID: <20010726153028.45404.qmail@web20003.mail.yahoo.com>
Date: Thu, 26 Jul 2001 16:30:28 +0100 (BST)
From: Gavin Kenny <gavinkenny@yahoo.co.uk>
To: questions@freebsd.org
Sender: owner-freebsd-questions@FreeBSD.ORG

Bianco wrote:

> I've got a PC on which IPsec has to be installed. The PC should just
> unpack the packets it received and send them to another PC. So, I edit,
> configure and install the new kernel with the following lines:
>
>     options IPSEC
>     options IPSEC_ESP
>     options IPSEC_DEBUG
>
> This works very well and the system boots with my new kernel. Then I
> make the setkey command in this way:
>
>     setkey -c << EOF
>     spdadd 161.0.0.1 121.0.0.1 any -P out ipsec esp/tunnel/141.0.5.1-141.0.1.2/require ;
>     spdadd 121.0.0.1 161.0.0.1 any -P out ipsec esp/tunnel/141.0.1.2-141.0.5.1/require ;
>     add 141.0.1.2 141.0.5.1 esp 1000 -m tunnel -E simple ;
>     add 141.0.5.1 141.0.1.2 esp 1001 -m tunnel -E simple ;
>     EOF
>
> And it also works. I can check the entries in the SAD and SPD tables.
> The routes for the routing are also configured and they should work.
>
> Well, my problem is that IPsec doesn't unpack the data packets, so the
> PC isn't able to send them to the next PC. Is there anything that I've
> forgotten to install or configure? Is there any possibility to debug
> the processing IPsec does? If there is anyone who can help, please
> write back as soon as possible.
>
> Thank you very much
> Bianca

I'm having to guess about what machines your IP numbers represent, but it
all looks OK, apart from your ADD entries. You haven't supplied a
password/passphrase for the algorithm to use, i.e.

    ..... -E simple "password";

Hope it helps

Gavin
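
The check described in the reply, as an added example that is not part of the original thread: a shell function that scans setkey input before it is loaded and flags every add statement whose -E or -A algorithm is not followed by key material (a quoted string or 0x hex). The names lint_setkey_adds, posted_config and fixed_config are made up for this example, -A (setkey's authentication-algorithm flag) does not appear in the thread, and "password" is the reply's placeholder, not a real key.

```shell
#!/bin/sh
# Added example: lint setkey(8) input for SA "add" statements without a key.

lint_setkey_adds() {
    # Statements end with ";" and may span lines, so use ";" as the
    # record separator and normalise whitespace inside each statement.
    awk '
    BEGIN { RS = ";"; bad = 0 }
    {
        gsub(/[ \t\n]+/, " "); sub(/^ /, ""); sub(/ $/, "")
        n = split($0, tok, " ")
        if (tok[1] != "add") next          # spdadd etc. carry no key
        for (i = 1; i <= n; i++) {
            if (tok[i] != "-E" && tok[i] != "-A") continue
            # Expected layout: -E <algorithm> <key>
            key = (i + 2 <= n) ? tok[i + 2] : ""
            if (key !~ /^"/ && key !~ /^0x[0-9a-fA-F]+$/) {
                printf "missing key after %s %s: %s\n", tok[i], tok[i + 1], $0
                bad = 1
            }
        }
    }
    END { exit bad }
    '
}

# The setkey input exactly as posted in the question.
posted_config() {
    cat <<'EOF'
spdadd 161.0.0.1 121.0.0.1 any -P out ipsec esp/tunnel/141.0.5.1-141.0.1.2/require ;
spdadd 121.0.0.1 161.0.0.1 any -P out ipsec esp/tunnel/141.0.1.2-141.0.5.1/require ;
add 141.0.1.2 141.0.5.1 esp 1000 -m tunnel -E simple ;
add 141.0.5.1 141.0.1.2 esp 1001 -m tunnel -E simple ;
EOF
}

# Constructed: the same SA entries with the placeholder key from the reply.
fixed_config() {
    cat <<'EOF'
add 141.0.1.2 141.0.5.1 esp 1000 -m tunnel -E simple "password" ;
add 141.0.5.1 141.0.1.2 esp 1001 -m tunnel -E simple "password" ;
EOF
}

posted_config | lint_setkey_adds || echo "posted config: add entries need a key"
fixed_config | lint_setkey_adds && echo "fixed config: every add entry has a key"
```

The function returns non-zero when any add statement lacks a key, so it can gate a script that would otherwise pipe the same file into setkey -c.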