Date: Sun, 15 Oct 2000 18:09:25 -0400 (EDT)
From: "Bill O'Connell" <bill@springwoodsys.com>
To: Fabrizzio Batista <Fabrizzio.Batista@lojasobino.com.br>
Cc: freebsd-questions@freebsd.org
Subject: Re: Problems with IPSEC
Message-ID: <XFMail.001015180925.bill@springwoodsys.com>
In-Reply-To: <00b301c036d7$c3b288e0$65010180@lojasobino.com.br>

On 15-Oct-00 Fabrizzio Batista wrote:
>
> Thanks for helping me, I'm very lost. Did you get IPSEC to work???
>
> So, see the configuration and setkey output.
>
> * LAN A - Subnet 192.168.1.0/24 -> IP: 200.248.23.134
>
> IPSEC.CONF:
>
> flush;
> spdflush;
> spdadd 192.168.1.0/24 128.1.1.0/24 any -P out ipsec
>     ah/tunnel/200.248.23.134-200.248.23.150/require;
> spdadd 128.1.1.0/24 192.168.1.0/24 any -P in ipsec
>     ah/tunnel/200.248.23.150-200.248.23.134/require;
> add 200.248.23.134 200.248.23.150 ah-old 0xd10003 -m any -A keyed-md5 "this is the test";
> add 200.248.23.150 200.248.23.134 ah-old 0xd10004 -m any -A keyed-md5 "this is the test";
>
> setkey -D:
>
> 200.248.23.150 200.248.23.134
>     ah mode=any spi=13697028(0x00d10004) reqid=0(0x00000000)
>     A: md5 74686973 20697320 74686520 74657374
>     replay=0 flags=0x00000041 state=mature seq=1 pid=390
>     created: Oct 15 16:26:57 2000 current: Oct 15 16:33:30 2000
>     diff: 393(s) hard: 0(s) soft: 0(s)
>     last: hard: 0(s) soft: 0(s)
>     current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
>     allocated: 0 hard: 0 soft: 0
>     refcnt=1
>
> 200.248.23.134 200.248.23.150
>     ah mode=any spi=13697027(0x00d10003) reqid=0(0x00000000)
>     A: md5 74686973 20697320 74686520 74657374
>     replay=0 flags=0x00000041 state=mature seq=0 pid=390
>     created: Oct 15 16:26:57 2000 current: Oct 15 16:33:30 2000
>     diff: 393(s) hard: 0(s) soft: 0(s)
>     last: hard: 0(s) soft: 0(s)
>     current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
>     allocated: 0 hard: 0 soft: 0
>     refcnt=1
>
> setkey -DP:
>
> 128.1.1.0/24[any] 192.168.1.0/24[any] any
>     in ipsec
>     ah/tunnel/200.248.23.150-200.248.23.134/require
>     spid=4 seq=1 pid=389
>     refcnt=1
> 192.168.1.0/24[any] 128.1.1.0/24[any] any
>     out ipsec
>     ah/tunnel/200.248.23.134-200.248.23.150/require
>     spid=3 seq=0 pid=389
>     refcnt=1
>
> * LAN B - Subnet 128.1.1.0/24 -> IP: 200.248.23.150
>
> IPSEC.CONF:
>
> flush;
> spdflush;
> spdadd 128.1.1.0/24 192.168.1.0/24 any -P out ipsec
>     ah/tunnel/200.248.23.150-200.248.23.134/require;
> spdadd 192.168.1.0/24 128.1.1.0/24 any -P in ipsec
>     ah/tunnel/200.248.23.134-200.248.23.150/require;
> add 200.248.23.134 200.248.23.150 ah-old 0xd10003 -m any -A keyed-md5 "this is the test";
> add 200.248.23.150 200.248.23.134 ah-old 0xd10004 -m any -A keyed-md5 "this is the test";
>
> setkey -D:
>
> 200.248.23.150 200.248.23.134
>     ah mode=any spi=13697028(0x00d10004) reqid=0(0x00000000)
>     A: md5 74686973 20697320 74686520 74657374
>     replay=0 flags=0x00000041 state=mature seq=1 pid=1404
>     created: Oct 15 18:21:18 2000 current: Oct 15 18:36:19 2000
>     diff: 901(s) hard: 0(s) soft: 0(s)
>     last: hard: 0(s) soft: 0(s)
>     current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
>     allocated: 0 hard: 0 soft: 0
>     refcnt=1
> 200.248.23.134 200.248.23.150
>     ah mode=any spi=13697027(0x00d10003) reqid=0(0x00000000)
>     A: md5 74686973 20697320 74686520 74657374
>     replay=0 flags=0x00000041 state=mature seq=0 pid=1404
>     created: Oct 15 18:21:18 2000 current: Oct 15 18:36:19 2000
>     diff: 901(s) hard: 0(s) soft: 0(s)
>     last: hard: 0(s) soft: 0(s)
>     current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
>     allocated: 0 hard: 0 soft: 0
>     refcnt=1
>
> setkey -DP:
>
> 192.168.1.0/24[any] 128.1.1.0/24[any] any
>     in ipsec
>     ah/tunnel/200.248.23.134-200.248.23.150/require
>     spid=5 seq=1 pid=1405
>     refcnt=1
> 128.1.1.0/24[any] 192.168.1.0/24[any] any
>     out ipsec
>     ah/tunnel/200.248.23.150-200.248.23.134/require
>     spid=4 seq=0 pid=1405
>     refcnt=1
>
> Thanks for everything!!!
>
>>
>> What do the actual SAD and SPD entries look like, i.e. what does
>> setkey -D and setkey -DP show? Need to see this on the other machine
>> as well.
>>
>> Bill
>

The SAD and SPD entries look OK. Are you running a firewall and/or NAT
on these systems? If so, how are they configured?

Bill
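One way to mechanise the SPD half of the "entries look OK" check, as an added example that is not part of the original message: every tunnel policy a gateway applies outbound must exist as an identical inbound policy on its peer, and vice versa. The sample input is the setkey -DP output quoted above; the names parse_spd and spd_mismatches are hypothetical, and the parser assumes IPv4 tunnel-mode policies only.

```python
import re

# `setkey -DP` output quoted in the message above (indentation normalised).
SPD_A = """\
128.1.1.0/24[any] 192.168.1.0/24[any] any
    in ipsec
    ah/tunnel/200.248.23.150-200.248.23.134/require
    spid=4 seq=1 pid=389
    refcnt=1
192.168.1.0/24[any] 128.1.1.0/24[any] any
    out ipsec
    ah/tunnel/200.248.23.134-200.248.23.150/require
    spid=3 seq=0 pid=389
    refcnt=1
"""
SPD_B = """\
192.168.1.0/24[any] 128.1.1.0/24[any] any
    in ipsec
    ah/tunnel/200.248.23.134-200.248.23.150/require
    spid=5 seq=1 pid=1405
    refcnt=1
128.1.1.0/24[any] 192.168.1.0/24[any] any
    out ipsec
    ah/tunnel/200.248.23.150-200.248.23.134/require
    spid=4 seq=0 pid=1405
    refcnt=1
"""

# Selector pair and upper-layer protocol, direction, then proto/tunnel/src-dst/level.
POLICY = re.compile(
    r"(\S+)\[\w+\]\s+(\S+)\[\w+\]\s+\S+\s+(in|out) ipsec\s+"
    r"(\w+)/tunnel/([\d.]+)-([\d.]+)/(\w+)")

def parse_spd(text):
    """Hypothetical helper: {'in'|'out': {(src, dst, proto, tun_src, tun_dst, level)}}."""
    spd = {"in": set(), "out": set()}
    for src, dst, direction, proto, tsrc, tdst, level in POLICY.findall(text):
        spd[direction].add((src, dst, proto, tsrc, tdst, level))
    return spd

def spd_mismatches(text_a, text_b):
    """Policies that are 'out' on one gateway with no identical 'in' on the peer, or the reverse."""
    a, b = parse_spd(text_a), parse_spd(text_b)
    return sorted((a["out"] ^ b["in"]) | (b["out"] ^ a["in"]))

if __name__ == "__main__":
    print(spd_mismatches(SPD_A, SPD_B) or "SPDs mirror each other")
```

An empty result agrees with the reply's assessment of the SPD; swapped tunnel endpoints on either side would show up as two unmatched entries.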