Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 26 Jul 2001 16:30:28 +0100 (BST)
From:      =?iso-8859-1?q?Gavin=20Kenny?= <gavinkenny@yahoo.co.uk>
To:        questions@freebsd.org
Message-ID:  <20010726153028.45404.qmail@web20003.mail.yahoo.com>
next in thread | raw e-mail | index | archive | help 
Bianco wrote:

I've got a PC on which IPsec has to be installed. The
PC should just
unpack the packets it received an send it to an other
PC.

So, I edit, configure and install the kernel new with
following lines:
    options IPSEC
    options IPSEC_ESP
    options IPSEC_DEBUG
This works very well and the system boots with my new
kernel.

Then I make the setkey-command in this way:
    setkey -c << EOF
    spdadd 161.0.0.1 121.0.0.1 any -P out ipsec
esp/tunnel/141.0.5.1-141.0.1.2/require ;
    spdadd 121.0.0.1 161.0.0.1 any -P out ipsec
esp/tunnel/141.0.1.2-141.0.5.1/require ;
    add 141.0.1.2 141.0.5.1 esp 1000 -m tunnel -E
simple ;
    add 141.0.5.1 141.0.1.2 esp 1001 -m tunnel -E
simple ;
    EOF
And it also works. I can check the entries in the SAD-
and SPD-tables.

The routes for the routing are also configured and
they should work.

Well, my Problem is, that the IPsec doesn't unpack the
data-packages. So
the PC isn't possible to send it to the next PC.
Is there anything that I've forgotten to install or
configure?
Is there any possibility to debug the processes IPsec
dose?

If there is anyone who can help, please write back as
soon as possible.
Thank you very much
Bianca


I'm having to guess about what machines your IP
numbers represent, but it all looks OK, apart from
your ADD entries. You haven't supplied a
password/passphrase for the algorithm to use.

i.e. ..... -E simple "password";

hope it helps

Gavin

____________________________________________________________
Do You Yahoo!?
Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk
or your free @yahoo.ie address at http://mail.yahoo.ie

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010726153028.45404.qmail>