Date: Mon, 19 May 2003 15:46:51 +0200
From: souris <souris@nerim.net>
To: freebsd-net@freebsd.org
Subject: About IPsec ...
Message-ID: <20030519154651.52d77bff.souris@nerim.net>
Hi,

I tried to make IPsec between 2 computers: FreeBSD 4.8 and NetBSD 1.5.2.

While following the handbook:
http://www.fr.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html
I noticed something.

<From Handbook>
setkey -c
spdadd 10.2.3.4 10.6.7.8 any -P out ipsec ah/transport/10.2.3.4-10.6.7.8/require ;
^D

At B:
# setkey -c
spdadd 10.6.7.8 10.2.3.4 any -P out ipsec esp/transport/10.6.7.8-10.2.3.4/require ;
spdadd 10.6.7.8 10.2.3.4 any -P out ipsec ah/transport/10.6.7.8-10.2.3.4/require ;
^D
</From Handbook>

From A: only "OUT" traffic is set.
From B: 2 "OUT" traffics are set. It seems to be two different protocols ...
so it doesn't matter, but still no "IN" traffic is set.

I tried to simulate exactly the same as the handbook, and setkey gave me an error:

root@sexy 14:19 /home/souris$ setkey -c
spdadd 10.6.7.8 10.2.3.4 any -P out ipsec esp/transport/10.6.7.8-10.2.3.4/require ;
spdadd 10.6.7.8 10.2.3.4 any -P out ipsec ah/transport/10.6.7.8-10.2.3.4/require ;
The result of line 4: File exists.

(I've just flushed all the setkey's rules before doing that)

In the other examples, like IPv6 etc ... there is an OUT and IN traffic set.
It seems that without "IN" traffic set, IPsec doesn't work ... Traffic goes out but not IN:

14:05:07.973207 10.6.7.8 > 10.2.3.4: AH(spi=0x000003e8,seq=0x37d813cc): icmp: echo request
14:05:08.979010 10.6.7.8 > 10.2.3.4: AH(spi=0x000003e8,seq=0x99378b78): icmp: echo request

I am obviously not the first one to use this book, but there is a mistake somewhere ...
May somebody help me?

thx
--
souris
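The post above shows two things worth checking in an SPD: the handbook excerpt has no inbound policy, and issuing two spdadd lines with the same src/dst/upperspec/direction selector makes the second one fail (setkey reports "File exists" because that SPD entry is already present). The script below is an added example, not the poster's commands and not the FreeBSD handbook's text. It generates the setkey(8) policy fragment for one host of a transport-mode ESP+AH pair, emitting one outbound and one mirrored inbound policy, with both protocols listed inside a single policy string so each selector appears exactly once. The addresses 10.2.3.4 (host A) and 10.6.7.8 (host B) are the handbook's; the assumption is that the security associations themselves are installed separately (racoon or manual "add" entries), which this fragment does not cover.

```shell
#!/bin/sh
# Added example (not from the post or the FreeBSD handbook): generate a
# setkey(8) SPD fragment for one host of a transport-mode ESP+AH pair.
# Assumed: hosts A=10.2.3.4 and B=10.6.7.8 as in the handbook excerpt;
# the SAs are supplied separately (racoon or manual "add" entries).

# gen_spd LOCAL REMOTE -> prints one outbound and one inbound policy.
# ESP and AH are combined in a single policy string so that each
# (src, dst, upperspec, direction) selector is added exactly once;
# a second spdadd for the same selector would fail with "File exists".
gen_spd() {
    local_ip=$1
    remote_ip=$2
    # Outbound: packets from this host to the peer must be ESP+AH protected.
    printf 'spdadd %s %s any -P out ipsec esp/transport/%s-%s/require ah/transport/%s-%s/require ;\n' \
        "$local_ip" "$remote_ip" "$local_ip" "$remote_ip" "$local_ip" "$remote_ip"
    # Inbound: the mirror image, with src/dst swapped, so that traffic from
    # the peer is required to arrive protected instead of being dropped or
    # accepted in the clear depending on the default policy.
    printf 'spdadd %s %s any -P in ipsec esp/transport/%s-%s/require ah/transport/%s-%s/require ;\n' \
        "$remote_ip" "$local_ip" "$remote_ip" "$local_ip" "$remote_ip" "$local_ip"
}

# count_dir DIRECTION LOCAL REMOTE -> number of policies for that direction.
# Used as a sanity check that every outbound policy has an inbound mirror.
count_dir() {
    gen_spd "$2" "$3" | grep -c -- "-P $1 "
}

# Usage (as root):
#   on host A:  gen_spd 10.2.3.4 10.6.7.8 | setkey -c
#   on host B:  gen_spd 10.6.7.8 10.2.3.4 | setkey -c
# Inspect the loaded SPD with:  setkey -DP
```

Run the generator on each host with its own address first; the inbound entry on B is the exact mirror of the outbound entry on A, which is what lets the echo replies in the post's tcpdump output be matched on the way back in rather than only on the way out.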