Date: Thu, 8 Nov 2001 15:45:02 -0800 (PST) From: Will Froning <wfroning@angui.sh> To: <freebsd-questions@freebsd.org> Subject: IPsec w/ Sonicwall Message-ID: <20011108152140.F24612-100000@angui.sh>
next in thread | raw e-mail | index | archive | help
OS: FreeBSD4.3 and SonicWall VPN
I've been trying to setup FreeBSD IPsec to work with SonicWall, but I keep
running into issues.
I've tried it with manual keys and also with IKE (racoon). Neither work.
When I set-up the account on the SonicWall for manual keys DES HMAC_MD5,
for DES it's a 16 digit key and HMAC_MD5 it's a 32 digit key.
When I looked in the FBSD handbook for IPsec, it also claimed DES to be
16, but Setkey still complains. If there is some obvious thing I'm doing
wrong, please inform me. If there is not enough info, please ask. I need
to have this setup for my office guys.
If you need output from my Racoon sessions, just ask.
Please cc me on the reply as I'm not on the list.
Thanks,
Will
When I try to configure setkey I get this:
ipsec.sh:
#!/bin/sh
gifconfig gif0 XXX.XXX.XXX.158 XXX.XXX.XXX.131
ifconfig gif0 inet XXX.XXX.XXX.158 192.168.1.0 netmask 255.255.0.0
setkey -FP
setkey -F
setkey -vc << EOF
spdadd XXX.XXX.XXX.158/32 192.168.1.0/16 any -P out ipsec
esp/tunnel/XXX.XXX.XXX.158-XXX.XXX.XXX.131/require;
spdadd 192.168.1.0/16 XXX.XXX.XXX.158/32 any -P in ipsec
esp/tunnel/XXX.XXX.XXX.131-XXX.XXX.XXX.158/require;
add XXX.XXX.XXX.158 XXX.XXX.XXX.131 esp 822577
-m tunnel
-E des-cbc "WWWWWWWWIIILLLLL"
-A hmac-md5 "SECRETKEYSECRETKEYSECRETKEYSECRE" ;
add XXX.XXX.XXX.131 XXX.XXX.XXX.158 esp 577822
-m tunnel
-E des-cbc "WWWWWWWWIIILLLLL"
-A hmac-md5 "SECRETKEYSECRETKEYSECRETKEYSECRE" ;
wfroning# ./ipsec.sh
line 5: Invalid key length at [WWWWWWWWIIILLLLL]
parse failed, line 5.
--
Will Froning
Unix Sys. Admin.
wfroning@angui.sh
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011108152140.F24612-100000>