Date: Thu, 06 Sep 2001 08:34:41 +0900
From: Shoichi Sakane <sakane@kame.net>
To: matt@gsicomp.on.ca
Cc: freebsd-net@freebsd.org
Subject: Re: Help with IPSec VPN
Message-ID: <20010906083441E.sakane@kame.net>
In-Reply-To: Your message of "Fri, 31 Aug 2001 09:18:37 -0400" <003201c1321f$71de65e0$1200a8c0@gsicomp.on.ca>
References: <003201c1321f$71de65e0$1200a8c0@gsicomp.on.ca>

> 8 outbound packets with no SA available
> Both boxes are running RELENG_4_3 (security release), and have 'options
> IPSEC' and 'options IPSEC_ESP' in the kernel.
>
> Box A is 192.168.0.2/24, Box B is 192.168.0.3/24.
>
> Here's what I'm doing on box A:
>
> gabby# setkey -c << EOF
> add 10.0.2.1 10.0.3.1 esp 1000 -E 3des-cbc "goofgoofgoofgoofgoofgoof";
> add 10.0.3.1 10.0.2.1 esp 1001 -E 3des-cbc "foolfoolfoolfoolfoolfool";
> spdadd 10.0.2.0/24 10.0.3.0/24 any -P out ipsec
> esp/tunnel/192.168.0.2-192.168.0.3/require;
> spdadd 10.0.3.0/24 10.0.2.0/24 any -P in ipsec
> esp/tunnel/192.168.0.3-192.168.0.2/require;
> EOF

You want to establish the SA between 192.168.0.2 and 192.196.0.3
in order to protect the communication between 10.0.2.0/24 and 10.0.3.0/24,
don't you?

You have to configure the SAD like the following:

	add 192.168.0.2 192.168.0.3 esp 1000 -E 3des-cbc "goofgoofgoofgoofgoofgoof";
	add 192.168.0.3 192.168.0.2 esp 1001 -E 3des-cbc "foolfoolfoolfoolfoolfool";

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
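
The check behind the reply above, as an added example (not part of the original message or of setkey): for every tunnel-mode spdadd rule, a manually keyed SA must exist between the tunnel endpoints named in the rule. The helper names are hypothetical, the parser handles only the add/spdadd forms quoted in this thread, and the gateway addresses are Box A and Box B as given in the quoted question.

```python
import re

# Constructed inputs, taken from the setkey statements in this thread.
POLICIES = '''
spdadd 10.0.2.0/24 10.0.3.0/24 any -P out ipsec esp/tunnel/192.168.0.2-192.168.0.3/require;
spdadd 10.0.3.0/24 10.0.2.0/24 any -P in ipsec esp/tunnel/192.168.0.3-192.168.0.2/require;
'''
SAD_INNER = '''
add 10.0.2.1 10.0.3.1 esp 1000 -E 3des-cbc "goofgoofgoofgoofgoofgoof";
add 10.0.3.1 10.0.2.1 esp 1001 -E 3des-cbc "foolfoolfoolfoolfoolfool";
'''
SAD_GATEWAY = '''
add 192.168.0.2 192.168.0.3 esp 1000 -E 3des-cbc "goofgoofgoofgoofgoofgoof";
add 192.168.0.3 192.168.0.2 esp 1001 -E 3des-cbc "foolfoolfoolfoolfoolfool";
'''
RULE = re.compile(r"^(esp|ah|ipcomp)/tunnel/([^-/]+)-([^-/]+)/\w+$")

def statements(text):
    """Split setkey input into token lists, one per ';'-terminated statement."""
    return [s.split() for s in text.split(";") if s.split()]

def sad_entries(text):
    """Return {(src, dst, proto)} for every 'add' statement."""
    return {(t[1], t[2], t[3]) for t in statements(text)
            if t[0] == "add" and len(t) >= 5}

def tunnel_requirements(text):
    """Return [(selector, (src, dst, proto))] for each tunnel rule in 'spdadd'."""
    needed = []
    for t in statements(text):
        if t[0] != "spdadd":
            continue
        for tok in t:
            m = RULE.match(tok)
            if m:
                needed.append((f"{t[1]} -> {t[2]}",
                               (m.group(2), m.group(3), m.group(1))))
    return needed

def missing_sas(config):
    """List tunnel policies whose endpoints have no matching SAD entry."""
    sad = sad_entries(config)
    return [(sel, need) for sel, need in tunnel_requirements(config)
            if need not in sad]

if __name__ == "__main__":
    for sel, need in missing_sas(SAD_INNER + POLICIES):
        print(f"policy {sel}: no SA for {need[2]} {need[0]} -> {need[1]}")
```

With the SAD keyed on the inner addresses, both policies are reported; with the SAD keyed on the gateway addresses, nothing is reported.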