Date: Thu, 8 Nov 2001 17:28:51 -0800 (PST)
From: Tim Erlin <tperlin@yahoo.com>
To: Will Froning <wfroning@angui.sh>, freebsd-questions@freebsd.org
Subject: Re: IPsec w/ Sonicwall
Message-ID: <20011109012851.22363.qmail@web11701.mail.yahoo.com>
In-Reply-To: <20011108152140.F24612-100000@angui.sh>

I've actually just set this up with isakmpd. How are you validating
whether or not the key negotiation works? If you're running tcpdump (or
something else), I found that IPSec (or isakmpd?) consistently failed if
the interface I was using was set to promiscuous by tcpdump. Running
tcpdump -p allowed me to watch the key negotiation without affecting it
negatively.

--Tim

--- Will Froning <wfroning@angui.sh> wrote:
> OS: FreeBSD4.3 and SonicWall VPN
>
> I've been trying to set up FreeBSD IPsec to work with SonicWall, but I
> keep running into issues.
>
> I've tried it with manual keys and also with IKE (racoon). Neither
> works. When I set up the account on the SonicWall for manual keys DES
> HMAC_MD5, for DES it's a 16 digit key and HMAC_MD5 it's a 32 digit key.
>
> When I looked in the FBSD handbook for IPsec, it also claimed DES to be
> 16, but Setkey still complains. If there is some obvious thing I'm
> doing wrong, please inform me. If there is not enough info, please ask.
> I need to have this set up for my office guys.
>
> If you need output from my Racoon sessions, just ask.
>
> Please cc me on the reply as I'm not on the list.
>
> Thanks,
> Will
>
> When I try to configure setkey I get this:
>
> ipsec.sh:
> #!/bin/sh
> gifconfig gif0 XXX.XXX.XXX.158 XXX.XXX.XXX.131
> ifconfig gif0 inet XXX.XXX.XXX.158 192.168.1.0 netmask 255.255.0.0
> setkey -FP
> setkey -F
> setkey -vc << EOF
> spdadd XXX.XXX.XXX.158/32 192.168.1.0/16 any -P out ipsec
> esp/tunnel/XXX.XXX.XXX.158-XXX.XXX.XXX.131/require;
> spdadd 192.168.1.0/16 XXX.XXX.XXX.158/32 any -P in ipsec
> esp/tunnel/XXX.XXX.XXX.131-XXX.XXX.XXX.158/require;
> add XXX.XXX.XXX.158 XXX.XXX.XXX.131 esp 822577
> -m tunnel
> -E des-cbc "WWWWWWWWIIILLLLL"
> -A hmac-md5 "SECRETKEYSECRETKEYSECRETKEYSECRE" ;
> add XXX.XXX.XXX.131 XXX.XXX.XXX.158 esp 577822
> -m tunnel
> -E des-cbc "WWWWWWWWIIILLLLL"
> -A hmac-md5 "SECRETKEYSECRETKEYSECRETKEYSECRE" ;
>
> wfroning# ./ipsec.sh
> line 5: Invalid key length at [WWWWWWWWIIILLLLL]
> parse failed, line 5.
>
> --
> Will Froning
> Unix Sys. Admin.
> wfroning@angui.sh
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
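
Added example, not part of either poster's message: a POSIX sh pre-check of manual key material before it is handed to setkey, prompted by the "Invalid key length" error quoted above. It assumes the key sizes listed in setkey(8) (des-cbc 64 bits, hmac-md5 128 bits), that a double-quoted key counts one byte per ASCII character while a 0x-prefixed key counts two hex digits per byte, and that the SonicWall's 16- and 32-digit keys are hexadecimal; the function names and hex sample keys are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Key sizes in bytes follow setkey(8).

# key_bytes TOKEN: print the byte length setkey would read from TOKEN.
key_bytes() {
    case "$1" in
        0x*)  # hexadecimal form: two digits per byte
            hex=${1#0x}
            case "$hex" in ''|*[!0-9a-fA-F]*) return 1 ;; esac
            [ $(( ${#hex} % 2 )) -eq 0 ] || return 1
            echo $(( ${#hex} / 2 )) ;;
        \"*\")  # quoted form: one byte per (ASCII) character
            str=${1#\"}; str=${str%\"}
            echo ${#str} ;;
        *) return 1 ;;
    esac
}

# required_bytes ALGO: key size for the two algorithms used in the thread.
required_bytes() {
    case "$1" in
        des-cbc)  echo 8 ;;
        hmac-md5) echo 16 ;;
        *) return 1 ;;
    esac
}

# check_key ALGO TOKEN: 0 = length fits, 1 = wrong length, 2 = unusable input.
check_key() {
    want=$(required_bytes "$1") || { echo "unknown algorithm: $1"; return 2; }
    got=$(key_bytes "$2") || { echo "malformed key: $2"; return 2; }
    if [ "$got" -eq "$want" ]; then
        echo "ok: $1 key is $got bytes"
    else
        echo "bad: $1 needs $want bytes, got $got"
        return 1
    fi
}

# Placeholder key from the quoted script, then constructed hex keys (not real secrets).
check_key des-cbc '"WWWWWWWWIIILLLLL"' || true   # quoted: 16 bytes, too long
check_key des-cbc 0x0123456789abcdef || true     # hex: 8 bytes
check_key hmac-md5 0x00112233445566778899aabbccddeeff || true
```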