Date:      Fri, 9 Mar 2001 20:05:47 +0900
From:      "ho-sang, yoon" <tsoi@xocah.holywar.net>
To:        misc@openbsd.org
Cc:        freebsd-security@freebsd.org
Subject:   IPsec between OpenBSD and FreeBSD
Message-ID:  <20010309200546.A1386@xocah.holywar.net>

Sorry for the second question today,
I tried this for the entire day, but there's no light on me.
Changed algorithm, changed key, ... but all was in vain.
Can anybody help me out? (I tried manual keying, not using racoon or isakmpd.)



First, just AH, 

o. in OpenBSD

ipsecadm new ah -spi 1000 -src a.a.a.a -dst b.b.b.b -auth sha1 \
-key 1234567890123456789012345678901234567890

ipsecadm new ah -spi 3e9 -dst a.a.a.a -src b.b.b.b -auth sha1 \
-key 1234567890123456789012345678901234567890

ipsecadm flow -dst b.b.b.b -proto ah -addr a.a.a.a \
255.255.255.255 b.b.b.b 255.255.255.255 -out -require
ipsecadm flow -dst a.a.a.a -proto ah -addr b.b.b.b \
255.255.255.255 a.a.a.a 255.255.255.255 -in -require


o. in FreeBSD 

add b.b.b.b a.a.a.a ah-old 1001 -A keyed-md5 "1234567890123456";
add a.a.a.a b.b.b.b ah-old 4096 -A keyed-md5 "1234567890123456";
spdadd b.b.b.b a.a.a.a any -P out ipsec \
ah/transport/b.b.b.b-a.a.a.a/require;
spdadd a.a.a.a b.b.b.b any -P in ipsec \
ah/transport/a.a.a.a-b.b.b.b/require;


result,

Checked tcpdump, and found that packets were really received on both hosts,
but with 'checksum mismatch' errors, so pinging is not established.



Second, just ESP,


o. in OpenBSD

ipsecadm new esp -enc blf -spi 1000 -dst b.b.b.b -src a.a.a.a \
-key 12349876432167890192837465098273

ipsecadm new esp -enc blf -spi 3e9 -dst a.a.a.a -src b.b.b.b \
-key 12349876432167890192837465098273

ipsecadm flow -dst b.b.b.b -proto esp -addr a.a.a.a \
255.255.255.255 b.b.b.b 255.255.255.255 -out -require
ipsecadm flow -dst a.a.a.a -proto esp -addr b.b.b.b \
255.255.255.255 a.a.a.a 255.255.255.255 -in -require


o. in FreeBSD 

add b.b.b.b a.a.a.a esp 1001 -E blowfish-cbc \
"12349876432167890192837465098273";
add a.a.a.a b.b.b.b esp 4096 -E blowfish-cbc \
"12349876432167890192837465098273";

spdadd b.b.b.b a.a.a.a any -P out ipsec \
esp/transport/b.b.b.b-a.a.a.a/require;
spdadd a.a.a.a b.b.b.b any -P in ipsec \
esp/transport/a.a.a.a-b.b.b.b/require;


result,

Same as the 'AH only' case above, but a different error: 'bad pad length' when
checking with tcpdump.



Any help will be greatly appreciated,

* Please CC to me, I'm not on this list. 
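Added example, not part of the mail or of either project: a small Python checker that parses the ipsecadm(8) and setkey(8) SA definitions quoted above and reports where the two ends disagree. It relies on two syntax facts of the tools: ipsecadm reads -spi and -key as hexadecimal; setkey reads the SPI as decimal (or 0x-prefixed hex) and a double-quoted key as raw ASCII bytes, with 0x-prefixed keys read as hex. Run over the AH configuration from the mail it finds that the SPIs agree once converted (0x1000 = 4096, 0x3e9 = 1001), while the AH variant (ah vs ah-old), the authentication algorithm (HMAC-SHA1 vs keyed MD5) and the key lengths (20 hex-decoded bytes vs 16 ASCII bytes) do not; the same key-length difference (16 vs 32 bytes) shows up for the ESP pair. The embedded sample text and the algorithm alias table are constructed for the example.

```python
"""Cross-check manually keyed IPsec SAs written for OpenBSD ipsecadm(8)
against the same SAs written for FreeBSD setkey(8).  Added example, not
from the original mail.  ipsecadm: -spi and -key are hex.  setkey: SPI is
decimal or 0x-hex; a "quoted" key is ASCII bytes, a 0x key is hex."""
import re
import shlex

# Constructed sample: the AH and ESP definitions quoted in the mail.
OPENBSD_AH = """
ipsecadm new ah -spi 1000 -src a.a.a.a -dst b.b.b.b -auth sha1 \\
-key 1234567890123456789012345678901234567890
ipsecadm new ah -spi 3e9 -dst a.a.a.a -src b.b.b.b -auth sha1 \\
-key 1234567890123456789012345678901234567890
"""
FREEBSD_AH = """
add b.b.b.b a.a.a.a ah-old 1001 -A keyed-md5 "1234567890123456";
add a.a.a.a b.b.b.b ah-old 4096 -A keyed-md5 "1234567890123456";
"""
OPENBSD_ESP = """
ipsecadm new esp -enc blf -spi 1000 -dst b.b.b.b -src a.a.a.a \\
-key 12349876432167890192837465098273
ipsecadm new esp -enc blf -spi 3e9 -dst a.a.a.a -src b.b.b.b \\
-key 12349876432167890192837465098273
"""
FREEBSD_ESP = """
add b.b.b.b a.a.a.a esp 1001 -E blowfish-cbc \\
"12349876432167890192837465098273";
add a.a.a.a b.b.b.b esp 4096 -E blowfish-cbc \\
"12349876432167890192837465098273";
"""

# ipsecadm spellings mapped onto the setkey spelling (constructed table).
ALG_ALIASES = {"blf": "blowfish-cbc", "3des": "3des-cbc", "des": "des-cbc",
               "sha1": "hmac-sha1", "md5": "hmac-md5"}

def _norm_alg(name):
    return ALG_ALIASES.get(name, name) if name else None

def _join_continuations(text):
    return text.replace("\\\n", " ").strip().splitlines()

def parse_ipsecadm(text):
    """Parse 'ipsecadm new|old ah|esp ...' lines into {(src, dst): sa}."""
    sas = {}
    for line in _join_continuations(text):
        tok = shlex.split(line)
        if len(tok) < 3 or tok[0] != "ipsecadm" or tok[1] not in ("new", "old"):
            continue                       # skip 'ipsecadm flow' and blanks
        proto = tok[2] + ("-old" if tok[1] == "old" else "")  # setkey naming
        opts = dict(zip(tok[3::2], tok[4::2]))                # -flag value pairs
        key = bytes.fromhex(opts["-key"])                     # hex digits
        authkey = bytes.fromhex(opts["-authkey"]) if "-authkey" in opts else None
        sa = {"proto": proto, "spi": int(opts["-spi"], 16),
              "enc": _norm_alg(opts.get("-enc")), "auth": _norm_alg(opts.get("-auth"))}
        # For AH the single -key authenticates; for ESP -key is the cipher key.
        if tok[2] == "ah":
            sa["enc_key"], sa["auth_key"] = None, key
        else:
            sa["enc_key"], sa["auth_key"] = key, authkey
        sas[(opts["-src"], opts["-dst"])] = sa
    return sas

_SETKEY_ADD = re.compile(r"^add\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)(.*);\s*$")
_SETKEY_KEY = re.compile(r'-([EA])\s+(\S+)\s+("[^"]*"|0x[0-9A-Fa-f]+)')

def _setkey_key(lit):
    """'"..."' is raw ASCII bytes; '0x...' is hex."""
    return lit.strip('"').encode("ascii") if lit.startswith('"') else bytes.fromhex(lit[2:])

def parse_setkey(text):
    """Parse setkey 'add src dst proto spi ...;' lines into {(src, dst): sa}."""
    sas = {}
    for line in _join_continuations(text):
        m = _SETKEY_ADD.match(line.strip())
        if not m:
            continue                       # skip spdadd and blanks
        src, dst, proto, spi, rest = m.groups()
        sa = {"proto": proto, "spi": int(spi, 0),   # decimal or 0x-prefixed
              "enc": None, "auth": None, "enc_key": None, "auth_key": None}
        for flag, alg, lit in _SETKEY_KEY.findall(rest):
            slot = "enc" if flag == "E" else "auth"
            sa[slot], sa[slot + "_key"] = _norm_alg(alg), _setkey_key(lit)
        sas[(src, dst)] = sa
    return sas

def compare_sas(side_a, side_b, name_a="OpenBSD", name_b="FreeBSD"):
    """List every field on which the two ends of each SA disagree.
    Key material itself is never printed, only its length or inequality."""
    findings = []
    for pair in sorted(set(side_a) | set(side_b)):
        label = "%s -> %s" % pair
        if pair not in side_a or pair not in side_b:
            findings.append("%s: no SA on %s" % (label, name_a if pair not in side_a else name_b))
            continue
        a, b = side_a[pair], side_b[pair]
        for field in ("proto", "spi", "enc", "auth"):
            if a[field] != b[field]:
                findings.append("%s: %s %s=%r vs %s=%r" % (label, field, name_a, a[field], name_b, b[field]))
        for field in ("enc_key", "auth_key"):
            la, lb = len(a[field] or b""), len(b[field] or b"")
            if la != lb:
                findings.append("%s: %s length %d bytes vs %d bytes" % (label, field, la, lb))
            elif a[field] != b[field]:
                findings.append("%s: %s bytes differ" % (label, field))
    return findings

def check_ah_sample():
    return compare_sas(parse_ipsecadm(OPENBSD_AH), parse_setkey(FREEBSD_AH))

def check_esp_sample():
    return compare_sas(parse_ipsecadm(OPENBSD_ESP), parse_setkey(FREEBSD_ESP))

if __name__ == "__main__":
    for finding in check_ah_sample() + check_esp_sample():
        print(finding)
```

The checker is deliberately one-directional about secrets: it reports key length and whether the decoded bytes are equal, never the bytes themselves, so its output can be pasted into a mailing-list question without leaking the SA keys.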
