From owner-freebsd-stable Mon May 21 10:22:56 2001
Message-ID: <01cc01c0e21a$ab230540$931576d8@inethouston.net>
From: "David W. Chapman Jr."
To: "Brandt Everett"
References: <002e01c0e21a$342dd5a0$632807d8@prosser.bentonrea.org>
Subject: Re: ESP between two FreeBSD boxes
Date: Mon, 21 May 2001 12:22:53 -0500

Do you have a firewall set up? If so, you have to allow all IP traffic from one to the other on both sides, i.e.:

allow all from 192.168.0.0/24 to 192.168.1.0/24
allow all from 192.168.1.0/24 to 192.168.0.0/24

----- Original Message -----
From: "Brandt Everett"
Sent: Monday, May 21, 2001 12:19 PM
Subject: ESP between two FreeBSD boxes

> I am trying to set up a simple encrypted communication between two machines,
> but whenever I set it up, communication stops between them. Below are my
> setkey commands. I am at a loss. Can anyone help me out?
>
> Thanks
>
> Brandt Everett
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> phone: 1-800-398-1232 x 234
> webpage: www.bentonrea.com
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>
> Machine A
> /usr/sbin/setkey -c << EOF
> spdadd ${boxcar} ${hercules} any -P out ipsec
> esp/transport/${boxcar}-${hercules}/require;
> spdadd ${hercules} ${boxcar} any -P in ipsec
> esp/transport/${hercules}-${boxcar}/require;
> add ${boxcar} ${hercules} esp 12345 -E blowfish-cbc "somethingsecret";
> add ${hercules} ${boxcar} esp 12346 -E blowfish-cbc "somethingsecret";
> EOF
>
> Machine B
> /usr/sbin/setkey -c << EOF
> spdadd ${hercules} ${boxcar} any -P out ipsec
> esp/transport/${hercules}-${boxcar}/require;
> spdadd ${boxcar} ${hercules} any -P in ipsec
> esp/transport/${boxcar}-${hercules}/require;
> add ${boxcar} ${hercules} esp 12345 -E blowfish-cbc "somethingsecret";
> add ${hercules} ${boxcar} esp 12346 -E blowfish-cbc "somethingsecret";
> EOF
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message
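An added example, not part of either message or of FreeBSD: a POSIX sh helper that builds both hosts' setkey input from one definition, checks that the two sides mirror each other, and prints firewall rule bodies in the form the reply gives. The function names (`setkey_input`, `firewall_rules`, `mirrored`), the 192.0.2.x addresses and the key are assumptions made for illustration; the SPIs and cipher are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example, not code from the thread. SPIs and cipher are the values
# quoted in the thread; host addresses and key below are constructed.
SPI_AB=12345 SPI_BA=12346 CIPHER=blowfish-cbc

# setkey_input ME A B KEY: setkey(8) input for host ME, one of the pair A/B.
setkey_input() {
    me=$1 a=$2 b=$3 key=$4
    case $me in
        "$a") peer=$b ;;
        "$b") peer=$a ;;
        *) echo "setkey_input: $me is neither $a nor $b" >&2; return 1 ;;
    esac
    # Policies are per host: "out" is always me -> peer, "in" is peer -> me.
    printf 'spdadd %s %s any -P out ipsec esp/transport/%s-%s/require;\n' \
        "$me" "$peer" "$me" "$peer"
    printf 'spdadd %s %s any -P in ipsec esp/transport/%s-%s/require;\n' \
        "$peer" "$me" "$peer" "$me"
    # SAs are per direction and must be identical on both hosts.
    printf 'add %s %s esp %s -E %s "%s";\n' "$a" "$b" "$SPI_AB" "$CIPHER" "$key"
    printf 'add %s %s esp %s -E %s "%s";\n' "$b" "$a" "$SPI_BA" "$CIPHER" "$key"
}

# firewall_rules ME PEER: rule bodies in the form the reply gives.
firewall_rules() {
    printf 'allow all from %s to %s\n' "$1" "$2"
    printf 'allow all from %s to %s\n' "$2" "$1"
}

# mirrored CONF_A CONF_B: succeed only if the two setkey inputs pair up:
# identical SA lines, and each host's "out" policy is the other's "in" policy.
# Expects one statement per line, as setkey_input emits them.
mirrored() {
    sa_a=$(printf '%s\n' "$1" | grep '^add ' | sort)
    sa_b=$(printf '%s\n' "$2" | grep '^add ' | sort)
    [ -n "$sa_a" ] && [ "$sa_a" = "$sa_b" ] || return 1
    out_a=$(printf '%s\n' "$1" | grep -- ' -P out ' | sed 's/ -P out / -P in /')
    out_b=$(printf '%s\n' "$2" | grep -- ' -P out ' | sed 's/ -P out / -P in /')
    in_a=$(printf '%s\n' "$1" | grep -- ' -P in ') || return 1
    in_b=$(printf '%s\n' "$2" | grep -- ' -P in ') || return 1
    [ "$out_a" = "$in_b" ] && [ "$out_b" = "$in_a" ]
}

A=$(setkey_input 192.0.2.1 192.0.2.1 192.0.2.2 constructed-key)
B=$(setkey_input 192.0.2.2 192.0.2.1 192.0.2.2 constructed-key)
mirrored "$A" "$B" && { printf '%s\n' "$A"; firewall_rules 192.0.2.1 192.0.2.2; }
```

On the real hosts the generated text would be piped to `/usr/sbin/setkey -c`, as in the original message.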