Date:      Sun, 5 Aug 2001 21:05:14 -0500
From:      "Travis Leuthauser" <lists-freebsd-net@crimsonwasteland.com>
To:        <freebsd-net@freebsd.org>
Subject:   IPSec Question
Message-ID:  <OLEPKBMLIHCGDKLGKPJGKEDIDLAA.lists-freebsd-net@crimsonwasteland.com>

I'm trying to set up a tunnel between a FreeBSD 4.4 Prerelease box and a
Netopia R9100 dual ethernet router.  Here's my current setup.  FreeBSD box
is doing nat for my private net and is running IPFW allowing only desired
ports in.

Private IP = 172.16.69.1
Public IP = a.a.a.a
Netopia R9100 Public IP = b.b.b.b
Netopia R9100 Private IP = 172.16.250.1
32 Char. Hex Auth Key = 75b916ac534cef32d3db8a44cf5b62c1
SPI = 2568731067
Auth Type = esp
Auth Transform = hmac-md5-96
No Encryption
No Compression

Here's where my problem is coming in.  If I issue the following command:

firewall# setkey -c <<EOF
? add a.a.a.a b.b.b.b esp 2568731067 -m tunnel -A hmac-md5
0x75b916ac534cef32d3db8a44cf5b62c1 ;
? EOF

I get the following:

The result of line 1: Invalid argument.

I can successfully do the following:

firewall# setkey -c <<EOF
? spdadd 172.16.69.0/24 172.16.250.0/24 any -P out ipsec
esp/tunnel/a.a.a.a-b.b.b.b/require ;
? spdadd 172.16.250.0/24 172.16.69.0/24 any -P in ipsec
esp/tunnel/b.b.b.b-a.a.a.a/require ;
? EOF

If I issue:

firewall# setkey -DP

I get:

172.16.250.0/24[any] 172.16.69.0/24[any] any
        in ipsec
        esp/tunnel/b.b.b.b-a.a.a.a/require
        spid=4 seq=1 pid=1322
        refcnt=1
172.16.69.0/24[any] 172.16.250.0/24[any] any
        out ipsec
        esp/tunnel/a.a.a.a-b.b.b.b/require
        spid=3 seq=0 pid=1322
        refcnt=1

Please tell me where I'm going wrong in adding my SAD entry, as well as
anything else I might need to do once I successfully add my SAD entry.

Thanks,

Travis
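
The message above adds SPD entries for both directions but only tries a single SAD "add" line, and that line gives ESP an authentication algorithm with no encryption algorithm. The script below is an added example, not code from the message or from FreeBSD: it generates a complete setkey(8) file for an authentication-only ESP tunnel (one "add" per direction plus the two "spdadd" policies) and checks the fields setkey is strict about before anything is loaded into the kernel. It assumes the KAME setkey grammar, in which an ESP SA always takes an -E algorithm and "null" is the no-encryption choice; the function names, the documentation-range addresses, the SPIs and the key are constructed placeholders, not the poster's values.

```shell
#!/bin/sh
# Added example (not from the original message): build and sanity-check a
# setkey(8) configuration for an authentication-only ESP tunnel.
# Assumption: KAME/FreeBSD setkey syntax; all values below are constructed.

# hex_len KEY -> prints the number of hex digits; fails if KEY is not pure hex
hex_len() {
    key=$1
    case "$key" in
        *[!0-9a-fA-F]*|"") return 1 ;;
    esac
    printf '%s' "$key" | wc -c | tr -d ' '
}

# check_auth_key ALGO KEY -> 0 if KEY has the length ALGO requires
check_auth_key() {
    case "$1" in
        hmac-md5)  want=32 ;;   # 128-bit key, 32 hex digits
        hmac-sha1) want=40 ;;   # 160-bit key, 40 hex digits
        *) echo "unsupported auth algorithm: $1" >&2; return 1 ;;
    esac
    got=$(hex_len "$2") || { echo "key is not hex" >&2; return 1; }
    [ "$got" -eq "$want" ] || {
        echo "$1 needs $want hex digits, got $got" >&2; return 1; }
}

# sa_line SRC DST SPI AALGO KEY -> one SAD "add" line.
# ESP always carries an -E algorithm; "null" is the authentication-only
# form (assumption: KAME grammar), which a bare -A line leaves out.
sa_line() {
    printf 'add %s %s esp %s -m tunnel -E null -A %s 0x%s ;\n' \
        "$1" "$2" "$3" "$4" "$5"
}

# sp_line SRC_NET DST_NET DIR SRC DST -> one SPD "spdadd" line.
sp_line() {
    printf 'spdadd %s %s any -P %s ipsec esp/tunnel/%s-%s/require ;\n' \
        "$1" "$2" "$3" "$4" "$5"
}

# build_config LOCAL_PUB PEER_PUB LOCAL_NET PEER_NET SPI_OUT SPI_IN AALGO KEY
# -> a complete file for "setkey -f": flush, one SA per direction (each
# direction has its own SPI), one policy per direction.
build_config() {
    local_pub=$1; peer_pub=$2; local_net=$3; peer_net=$4
    spi_out=$5; spi_in=$6; aalgo=$7; key=$8
    check_auth_key "$aalgo" "$key" || return 1
    echo "flush;"
    echo "spdflush;"
    sa_line "$local_pub" "$peer_pub" "$spi_out" "$aalgo" "$key"
    sa_line "$peer_pub" "$local_pub" "$spi_in" "$aalgo" "$key"
    sp_line "$local_net" "$peer_net" out "$local_pub" "$peer_pub"
    sp_line "$peer_net" "$local_net" in "$peer_pub" "$local_pub"
}

# Constructed sample values: RFC 5737 documentation addresses, a placeholder
# key and placeholder SPIs.  Redirect to a file and load with "setkey -f".
KEY=00112233445566778899aabbccddeeff
build_config 192.0.2.1 198.51.100.1 172.16.69.0/24 172.16.250.0/24 \
    4096 4097 hmac-md5 "$KEY"
```

Both SAs and both policies must be mirrored on the peer with the same SPIs and key; "setkey -D" shows the SAD and "setkey -DP" the SPD, so the two listings should match each other direction for direction after the file is loaded.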

