From: "Fabrizzio Batista"
Delivered-To: freebsd-questions@freebsd.org
Subject: Re: Problems with IPSEC
Date: Sun, 15 Oct 2000 16:44:49 -0200
Message-ID: <00ca01c036d7$ff8a5be0$65010180@lojasobino.com.br>

Thanks for helping me, I'm very lost. Have you made IPSEC work???
So, see the configuration and setkey output.

* LAN A - Subnet 192.168.1.0/24 -> IP: 200.248.23.134

IPSEC.CONF:

flush;
spdflush;
spdadd 192.168.1.0/24 128.1.1.0/24 any -P out ipsec ah/tunnel/200.248.23.134-200.248.23.150/require;
spdadd 128.1.1.0/24 192.168.1.0/24 any -P in ipsec ah/tunnel/200.248.23.150-200.248.23.134/require;
add 200.248.23.134 200.248.23.150 ah-old 0xd10003 -m any -A keyed-md5 "this is the test";
add 200.248.23.150 200.248.23.134 ah-old 0xd10004 -m any -A keyed-md5 "this is the test";

setkey -D:

200.248.23.150 200.248.23.134
        ah mode=any spi=13697028(0x00d10004) reqid=0(0x00000000)
        A: md5  74686973 20697320 74686520 74657374
        replay=0 flags=0x00000041 state=mature seq=1 pid=390
        created: Oct 15 16:26:57 2000   current: Oct 15 16:33:30 2000
        diff: 393(s)    hard: 0(s)      soft: 0(s)
        last:                           hard: 0(s)      soft: 0(s)
        current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
        allocated: 0    hard: 0 soft: 0
        refcnt=1
200.248.23.134 200.248.23.150
        ah mode=any spi=13697027(0x00d10003) reqid=0(0x00000000)
        A: md5  74686973 20697320 74686520 74657374
        replay=0 flags=0x00000041 state=mature seq=0 pid=390
        created: Oct 15 16:26:57 2000   current: Oct 15 16:33:30 2000
        diff: 393(s)    hard: 0(s)      soft: 0(s)
        last:                           hard: 0(s)      soft: 0(s)
        current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
        allocated: 0    hard: 0 soft: 0
        refcnt=1

setkey -DP:

128.1.1.0/24[any] 192.168.1.0/24[any] any
        in ipsec
        ah/tunnel/200.248.23.150-200.248.23.134/require
        spid=4 seq=1 pid=389
        refcnt=1
192.168.1.0/24[any] 128.1.1.0/24[any] any
        out ipsec
        ah/tunnel/200.248.23.134-200.248.23.150/require
        spid=3 seq=0 pid=389
        refcnt=1

* LAN B - Subnet 128.1.1.0/24 -> IP: 200.248.23.150

IPSEC.CONF:

flush;
spdflush;
spdadd 128.1.1.0/24 192.168.1.0/24 any -P out ipsec ah/tunnel/200.248.23.150-200.248.23.134/require;
spdadd 192.168.1.0/24 128.1.1.0/24 any -P in ipsec ah/tunnel/200.248.23.134-200.248.23.150/require;
add 200.248.23.134 200.248.23.150 ah-old 0xd10003 -m any -A keyed-md5 "this is the test";
add 200.248.23.150 200.248.23.134 ah-old 0xd10004 -m any -A keyed-md5 "this is the test";

setkey -D:

200.248.23.150 200.248.23.134
        ah mode=any spi=13697028(0x00d10004) reqid=0(0x00000000)
        A: md5  74686973 20697320 74686520 74657374
        replay=0 flags=0x00000041 state=mature seq=1 pid=1404
        created: Oct 15 18:21:18 2000   current: Oct 15 18:36:19 2000
        diff: 901(s)    hard: 0(s)      soft: 0(s)
        last:                           hard: 0(s)      soft: 0(s)
        current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
        allocated: 0    hard: 0 soft: 0
        refcnt=1
200.248.23.134 200.248.23.150
        ah mode=any spi=13697027(0x00d10003) reqid=0(0x00000000)
        A: md5  74686973 20697320 74686520 74657374
        replay=0 flags=0x00000041 state=mature seq=0 pid=1404
        created: Oct 15 18:21:18 2000   current: Oct 15 18:36:19 2000
        diff: 901(s)    hard: 0(s)      soft: 0(s)
        last:                           hard: 0(s)      soft: 0(s)
        current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
        allocated: 0    hard: 0 soft: 0
        refcnt=1

setkey -DP:

192.168.1.0/24[any] 128.1.1.0/24[any] any
        in ipsec
        ah/tunnel/200.248.23.134-200.248.23.150/require
        spid=5 seq=1 pid=1405
        refcnt=1
128.1.1.0/24[any] 192.168.1.0/24[any] any
        out ipsec
        ah/tunnel/200.248.23.150-200.248.23.134/require
        spid=4 seq=0 pid=1405
        refcnt=1

Thanks for all!!!

>
> What do the actual SAD and SPD entries look like, i.e. what does
> setkey -D and setkey -DP show?  Need to see this on the other machine
> as well.
>
>
> Bill
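
Added example, not part of the original message: a Python cross-check of the two gateways' setkey -DP and setkey -D output, confirming that every out policy has a mirrored in policy on the peer and that both ends hold the same SAs for each tunnel. The function names are hypothetical and the sample strings are condensed from the output quoted in the message.

```python
import re

# One SPD entry: selectors, direction, then proto/mode/tunnel endpoints/level.
POLICY = re.compile(r"(\S+)\[any\] (\S+)\[any\] any\s+(in|out) ipsec\s+"
                    r"(\w+)/(\w+)/([\d.]+)-([\d.]+)/\w+")
# One SAD entry header: src, dst, protocol and the hex SPI.
SA = re.compile(r"([\d.]+) ([\d.]+)\s+(ah|esp) mode=\w+ spi=\d+\((0x[0-9a-f]+)\)")

def parse_spd(text):
    """Map direction -> set of (src_net, dst_net, proto, mode, tun_src, tun_dst)."""
    spd = {"in": set(), "out": set()}
    for src, dst, way, proto, mode, t_src, t_dst in POLICY.findall(text):
        spd[way].add((src, dst, proto, mode, t_src, t_dst))
    return spd

def parse_sad(text):
    """Set of (src, dst, proto, spi) tuples taken from setkey -D text."""
    return set(SA.findall(text))

def check_pair(spd_a, sad_a, spd_b, sad_b):
    """Return a list of mismatches between two gateways; empty means consistent."""
    problems = []
    a, b = parse_spd(spd_a), parse_spd(spd_b)
    # Each side's outbound policy must appear unchanged as the peer's inbound policy.
    for name, out_side, in_side in (("A", a, b), ("B", b, a)):
        for pol in sorted(out_side["out"] - in_side["in"]):
            problems.append(f"{name} out policy has no matching in policy on peer: {pol}")
    s_a, s_b = parse_sad(sad_a), parse_sad(sad_b)
    if s_a != s_b:
        problems.append(f"SAD differs between gateways: {sorted(s_a ^ s_b)}")
    # Every tunnel named by a policy needs an SA (same SPI) present on both ends.
    for pol in sorted(a["out"] | b["out"]):
        if not any(sa[:3] == (pol[4], pol[5], pol[2]) for sa in s_a & s_b):
            problems.append(f"no SA on both gateways for {pol[2]} {pol[4]} -> {pol[5]}")
    return problems

# Sample input, condensed from the setkey output in the message (timers omitted).
SPD_A = ("128.1.1.0/24[any] 192.168.1.0/24[any] any in ipsec ah/tunnel/200.248.23.150-200.248.23.134/require "
         "192.168.1.0/24[any] 128.1.1.0/24[any] any out ipsec ah/tunnel/200.248.23.134-200.248.23.150/require")
SPD_B = ("192.168.1.0/24[any] 128.1.1.0/24[any] any in ipsec ah/tunnel/200.248.23.134-200.248.23.150/require "
         "128.1.1.0/24[any] 192.168.1.0/24[any] any out ipsec ah/tunnel/200.248.23.150-200.248.23.134/require")
SAD = ("200.248.23.150 200.248.23.134 ah mode=any spi=13697028(0x00d10004) "
       "200.248.23.134 200.248.23.150 ah mode=any spi=13697027(0x00d10003)")

if __name__ == "__main__":
    print(check_pair(SPD_A, SAD, SPD_B, SAD) or "SPD and SAD agree on both gateways")
```

For the values in this message the check returns an empty list: the policies mirror each other and both SAs are present with the same SPIs on each side.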