Date: Sun, 15 Oct 2000 16:44:49 -0200
From: "Fabrizzio Batista" <Fabrizzio.Batista@lojasobino.com.br>
To: <freebsd-questions@freebsd.org>
Subject: Re: Problems with IPSEC
Message-ID: <00ca01c036d7$ff8a5be0$65010180@lojasobino.com.br>

Thanks for helping me, I'm very lost. Did you make IPSEC work?

So, see the configuration and setkey output.

* LAN A - Subnet 192.168.1.0/24 -> IP: 200.248.23.134

IPSEC.CONF:

flush;
spdflush;
spdadd 192.168.1.0/24 128.1.1.0/24 any -P out ipsec ah/tunnel/200.248.23.134-200.248.23.150/require;
spdadd 128.1.1.0/24 192.168.1.0/24 any -P in ipsec ah/tunnel/200.248.23.150-200.248.23.134/require;
add 200.248.23.134 200.248.23.150 ah-old 0xd10003 -m any -A keyed-md5 "this is the test";
add 200.248.23.150 200.248.23.134 ah-old 0xd10004 -m any -A keyed-md5 "this is the test";

setkey -D:

200.248.23.150 200.248.23.134
        ah mode=any spi=13697028(0x00d10004) reqid=0(0x00000000)
        A: md5  74686973 20697320 74686520 74657374
        replay=0 flags=0x00000041 state=mature seq=1 pid=390
        created: Oct 15 16:26:57 2000   current: Oct 15 16:33:30 2000
        diff: 393(s)    hard: 0(s)      soft: 0(s)
        last:           hard: 0(s)      soft: 0(s)
        current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
        allocated: 0    hard: 0 soft: 0
        refcnt=1
200.248.23.134 200.248.23.150
        ah mode=any spi=13697027(0x00d10003) reqid=0(0x00000000)
        A: md5  74686973 20697320 74686520 74657374
        replay=0 flags=0x00000041 state=mature seq=0 pid=390
        created: Oct 15 16:26:57 2000   current: Oct 15 16:33:30 2000
        diff: 393(s)    hard: 0(s)      soft: 0(s)
        last:           hard: 0(s)      soft: 0(s)
        current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
        allocated: 0    hard: 0 soft: 0
        refcnt=1

setkey -DP:

128.1.1.0/24[any] 192.168.1.0/24[any] any
        in ipsec
        ah/tunnel/200.248.23.150-200.248.23.134/require
        spid=4 seq=1 pid=389
        refcnt=1
192.168.1.0/24[any] 128.1.1.0/24[any] any
        out ipsec
        ah/tunnel/200.248.23.134-200.248.23.150/require
        spid=3 seq=0 pid=389
        refcnt=1

* LAN B - Subnet 128.1.1.0/24 -> IP: 200.248.23.150

IPSEC.CONF:

flush;
spdflush;
spdadd 128.1.1.0/24 192.168.1.0/24 any -P out ipsec ah/tunnel/200.248.23.150-200.248.23.134/require;
spdadd 192.168.1.0/24 128.1.1.0/24 any -P in ipsec ah/tunnel/200.248.23.134-200.248.23.150/require;
add 200.248.23.134 200.248.23.150 ah-old 0xd10003 -m any -A keyed-md5 "this is the test";
add 200.248.23.150 200.248.23.134 ah-old 0xd10004 -m any -A keyed-md5 "this is the test";

setkey -D:

200.248.23.150 200.248.23.134
        ah mode=any spi=13697028(0x00d10004) reqid=0(0x00000000)
        A: md5  74686973 20697320 74686520 74657374
        replay=0 flags=0x00000041 state=mature seq=1 pid=1404
        created: Oct 15 18:21:18 2000   current: Oct 15 18:36:19 2000
        diff: 901(s)    hard: 0(s)      soft: 0(s)
        last:           hard: 0(s)      soft: 0(s)
        current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
        allocated: 0    hard: 0 soft: 0
        refcnt=1
200.248.23.134 200.248.23.150
        ah mode=any spi=13697027(0x00d10003) reqid=0(0x00000000)
        A: md5  74686973 20697320 74686520 74657374
        replay=0 flags=0x00000041 state=mature seq=0 pid=1404
        created: Oct 15 18:21:18 2000   current: Oct 15 18:36:19 2000
        diff: 901(s)    hard: 0(s)      soft: 0(s)
        last:           hard: 0(s)      soft: 0(s)
        current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
        allocated: 0    hard: 0 soft: 0
        refcnt=1

setkey -DP:

192.168.1.0/24[any] 128.1.1.0/24[any] any
        in ipsec
        ah/tunnel/200.248.23.134-200.248.23.150/require
        spid=5 seq=1 pid=1405
        refcnt=1
128.1.1.0/24[any] 192.168.1.0/24[any] any
        out ipsec
        ah/tunnel/200.248.23.150-200.248.23.134/require
        spid=4 seq=0 pid=1405
        refcnt=1

Thanks for everything!!!

>
> What do the actual SAD and SPD entries look like, i.e. what does
> setkey -D and setkey -DP show?  Need to see this on the other machine
> as well.
>
>
> Bill

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
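
An added example, not part of the original message: with manual keying, the first thing to rule out is a mismatch between the two gateways, so this sketch parses both setkey configurations posted above and checks that each policy has a mirrored policy on the peer and that the SAs are identical on both ends. The function names are made up for this example, and the parser handles only the `spdadd` and `add` forms used in the message.

```python
import shlex

# setkey(8) input as posted for each gateway (flush/spdflush omitted).
LAN_A = '''
spdadd 192.168.1.0/24 128.1.1.0/24 any -P out ipsec ah/tunnel/200.248.23.134-200.248.23.150/require;
spdadd 128.1.1.0/24 192.168.1.0/24 any -P in ipsec ah/tunnel/200.248.23.150-200.248.23.134/require;
add 200.248.23.134 200.248.23.150 ah-old 0xd10003 -m any -A keyed-md5 "this is the test";
add 200.248.23.150 200.248.23.134 ah-old 0xd10004 -m any -A keyed-md5 "this is the test";
'''
LAN_B = '''
spdadd 128.1.1.0/24 192.168.1.0/24 any -P out ipsec ah/tunnel/200.248.23.150-200.248.23.134/require;
spdadd 192.168.1.0/24 128.1.1.0/24 any -P in ipsec ah/tunnel/200.248.23.134-200.248.23.150/require;
add 200.248.23.134 200.248.23.150 ah-old 0xd10003 -m any -A keyed-md5 "this is the test";
add 200.248.23.150 200.248.23.134 ah-old 0xd10004 -m any -A keyed-md5 "this is the test";
'''

def parse(conf):
    """Split a setkey config into SPD policy tuples and SAD entry tuples."""
    policies, sas = set(), set()
    for stmt in conf.split(";"):      # assumes no ';' inside a quoted key
        tok = shlex.split(stmt)       # keeps the quoted key as one token
        if tok[:1] == ["spdadd"]:
            proto, mode, ends, level = tok[-1].split("/")
            policies.add((tok[1], tok[2], tok[3], tok[tok.index("-P") + 1],
                          proto, mode, *ends.split("-"), level))
        elif tok[:1] == ["add"]:
            sas.add((tok[1], tok[2], tok[3], int(tok[4], 16), tuple(tok[5:])))
    return policies, sas

def mirror(policy):
    """Same selectors and tunnel endpoints, opposite direction: the peer's view."""
    flipped = "in" if policy[3] == "out" else "out"
    return policy[:3] + (flipped,) + policy[4:]

def compare(conf_a, conf_b):
    """Return a sorted list of mismatches between two peers; empty means consistent."""
    (pol_a, sa_a), (pol_b, sa_b) = parse(conf_a), parse(conf_b)
    problems = [f"policy {' '.join(p[:4])} has no mirror on the peer"
                for mine, theirs in ((pol_a, pol_b), (pol_b, pol_a))
                for p in mine if mirror(p) not in theirs]
    # Manual SAs must match exactly: addresses, protocol, SPI, algorithm and key.
    problems += [f"SA {s[0]} -> {s[1]} spi={s[3]:#x} differs or is missing on one peer"
                 for s in sa_a ^ sa_b]
    return sorted(problems)

if __name__ == "__main__":
    print(compare(LAN_A, LAN_B) or "policies and SAs are consistent")
```

The mismatch messages name the SA by address pair and SPI only, so the key material never ends up in the output.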