From owner-freebsd-questions Thu Jul 26 8:31:57 2001 Delivered-To: freebsd-questions@freebsd.org Received: from web20004.mail.yahoo.com (web20004.mail.yahoo.com [216.136.225.49]) by hub.freebsd.org (Postfix) with SMTP id 753AD37B403 for ; Thu, 26 Jul 2001 08:31:51 -0700 (PDT) (envelope-from gavinkenny@yahoo.co.uk) Message-ID: <20010726153151.54356.qmail@web20004.mail.yahoo.com> Received: from [193.123.204.66] by web20004.mail.yahoo.com; Thu, 26 Jul 2001 16:31:51 BST Date: Thu, 26 Jul 2001 16:31:51 +0100 (BST) From: =?iso-8859-1?q?Gavin=20Kenny?= Subject: IPSec Problems To: questions@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG sorry foregot the subject line --- Gavin Kenny wrote: > Date: Thu, 26 Jul 2001 16:30:28 +0100 (BST) > From: Gavin Kenny > To: questions@freebsd.org > > Bianco wrote: > > I've got a PC on which IPsec has to be installed. > The > PC should just > unpack the packets it received an send it to an > other > PC. > > So, I edit, configure and install the kernel new > with > following lines: > options IPSEC > options IPSEC_ESP > options IPSEC_DEBUG > This works very well and the system boots with my > new > kernel. > > Then I make the setkey-command in this way: > setkey -c << EOF > spdadd 161.0.0.1 121.0.0.1 any -P out ipsec > esp/tunnel/141.0.5.1-141.0.1.2/require ; > spdadd 121.0.0.1 161.0.0.1 any -P out ipsec > esp/tunnel/141.0.1.2-141.0.5.1/require ; > add 141.0.1.2 141.0.5.1 esp 1000 -m tunnel -E > simple ; > add 141.0.5.1 141.0.1.2 esp 1001 -m tunnel -E > simple ; > EOF > And it also works. I can check the entries in the > SAD- > and SPD-tables. > > The routes for the routing are also configured and > they should work. > > Well, my Problem is, that the IPsec doesn't unpack > the > data-packages. So > the PC isn't possible to send it to the next PC. > Is there anything that I've forgotten to install or > configure? > Is there any possibility to debug the processes > IPsec > dose? > > If there is anyone who can help, please write back > as > soon as possible. > Thank you very much > Bianca > > > I'm having to guess about what machines your IP > numbers represent, but it all looks OK, apart from > your ADD entries. You haven't supplied a > password/passphrase for the algorithm to use. > > i.e. ..... -E simple "password"; > > hope it helps > > Gavin > > ____________________________________________________________ > Do You Yahoo!? > Get your free @yahoo.co.uk address at > http://mail.yahoo.co.uk > or your free @yahoo.ie address at > http://mail.yahoo.ie > ____________________________________________________________ Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message