From owner-freebsd-questions  Tue Oct 30 15:33:18 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from thirstydog.dsl.net (thirstydog.dsl.net [65.84.81.4])
	by hub.freebsd.org (Postfix) with ESMTP id 96C4D37B406
	for <freebsd-questions@freebsd.org>; Tue, 30 Oct 2001 15:33:12 -0800 (PST)
Received: from dantooine.vindaloo.com (209-87-65-68.client.dsl.net [209.87.65.68])
	by thirstydog.dsl.net (Postfix) with ESMTP id 07A88191C23
	for <freebsd-questions@freebsd.org>; Tue, 30 Oct 2001 18:33:12 -0500 (EST)
Received: (from chris@localhost)
	by dantooine.vindaloo.com (8.11.4/8.11.6) id f9UNPtL02948
	for freebsd-questions@freebsd.org; Tue, 30 Oct 2001 18:25:55 -0500 (EST)
	(envelope-from chris)
Date: Tue, 30 Oct 2001 18:25:55 -0500
From: Christopher Sean Hilton <chris@vindaloo.com>
To: freebsd-questions@freebsd.org
Subject: IPSEC -- setkey: "Must get supported algorithms list first..."
Message-ID: <20011030182555.A2919@dantooine.vindaloo.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="gBBFr7Ir9EOA20Yy"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG


--gBBFr7Ir9EOA20Yy
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi, I'm trying to setup a manually keyed IPSec tunnel between two=20
FreeBSD boxes. No matter how I run setkey I cannot get past this error:

     Must get supported algorithms list first...

I stole the configuration from the FreeBSD IPSec HowTo figuring that I woul=
d=20
modify it to my needs. Here's an actual run:

# setkey -dv -c <<EOF
flush;
add 10.2.3.4 10.6.7.8 ah-old  1000 -m transport -A keyed-md5 "MYSECRETMYSEC=
RET" ;
add 10.6.7.8 10.2.3.4 ah  2000 -m transport -A hmac-sha1 "KAMEKAMEKAMEKAMEK=
AME" ;
add 10.6.7.8 10.2.3.4 esp 3000 -m transport -E des-cbc "PASSWORD" ;
EOF
<1>flush
<1>;
cmdarg:
flush;
<1>add
<1>=20
<1>10.2.3.4
<1>=20
<1>10.6.7.8
<1>=20
<1>ah-old
<1> =20
<1>1000
<1>=20
<1>-m
<1>=20
<1>transport
<1>=20
<1>-A
<1>=20
<1>keyed-md5
<1>=20
<1>"MYSECRETMYSECRET"
line 2: Must get supported algorithms list first at [MYSECRETMYSECRET]
parse failed, line 2.

Here's the kernel version.

# uname -a
FreeBSD dantooine.vindaloo.com 4.3-STABLE FreeBSD 4.3-STABLE #0: Wed Jul 18=
=20
08:09:19 EDT 2001     root@hoth.vindaloo.com:/usr/src/sys/compile/DANTOOINE=
 =20
i386

Chris Hilton                                 chilton-at-vindaloo-dot-com
------------------------------------------------------------------------
                "All I was doing was trying to get home from work!"
                                                 -- Rosa Parks

--gBBFr7Ir9EOA20Yy
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iQEVAwUBO983AoLaxorQlXotAQFd2wf/YbrjkrHGzQCDqx7IlzJyV07cAzhjK/1Y
q3CBfcAC7I30Q4gaxbCTLCEz8/tdYwra0yhYxKTbxDT6Nqaow6CDetmnnm7yN0l3
EQe1RCTIhxJZWAdxqTk4jmcsZmP4SDDo1KHs3aZ3WKvyAqSZ9up5QC88HCJJM+ek
QNjZuQqCcxTQGoewCJYoIimgRe2Gax8yczm6CUlGKnuFd2Ks8MUxfF3TBTJF7B4J
2aJ08BiqMad41sg1RuSoKsafPcUTFl0xkNqKZ2NARTBeLebiBYE+j7YZIamJpWI4
boy5Ffulp8Y00KSqEjfBlPM1zTRM1L+MQ8pSJty+EfyYUBOlQwwlOw==
=cNur
-----END PGP SIGNATURE-----

--gBBFr7Ir9EOA20Yy--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message