From owner-freebsd-questions Wed Oct 31 6:23:36 2001 Delivered-To: freebsd-questions@freebsd.org Received: from fw.vindaloo.com (ool-182dd047.dyn.optonline.net [24.45.208.71]) by hub.freebsd.org (Postfix) with ESMTP id 4ACDA37B405 for ; Wed, 31 Oct 2001 06:23:29 -0800 (PST) Received: (from uucp@localhost) by fw.vindaloo.com (8.10.1/8.10.1) id f9VENNm12777 for ; Wed, 31 Oct 2001 09:23:23 -0500 (EST) Received: from andale.vindaloo.com(192.168.133.3) via SMTP by fw.vindaloo.com, id smtpdQ21266; Wed Oct 31 09:23:16 2001 Received: by andale.vindaloo.com (Postfix, from userid 1000) id C85C86184; Wed, 31 Oct 2001 09:21:18 -0500 (EST) Date: Wed, 31 Oct 2001 09:21:17 -0500 From: Christopher Sean Hilton To: freebsd-questions@FreeBSD.ORG Subject: IPSEC Help? Message-ID: <20011031092117.A774@andale.vindaloo.com> References: <20011030182555.A2919@dantooine.vindaloo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20011030182555.A2919@dantooine.vindaloo.com>; from chris@vindaloo.com on Tue, Oct 30, 2001 at 06:25:55PM -0500 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, Oct 30, 2001 at 06:25:55PM -0500, Christopher Sean Hilton wrote: > Hi, I'm trying to setup a manually keyed IPSec tunnel between two > FreeBSD boxes. No matter how I run setkey I cannot get past this error: > > Must get supported algorithms list first... > > I stole the configuration from the FreeBSD IPSec HowTo figuring that I would > modify it to my needs. Here's an actual run: > > # setkey -dv -c < flush; > add 10.2.3.4 10.6.7.8 ah-old 1000 -m transport -A keyed-md5 "MYSECRETMYSECRET" ; > add 10.6.7.8 10.2.3.4 ah 2000 -m transport -A hmac-sha1 "KAMEKAMEKAMEKAMEKAME" ; > add 10.6.7.8 10.2.3.4 esp 3000 -m transport -E des-cbc "PASSWORD" ; > EOF > <1>flush > <1>; > cmdarg: > flush; > <1>add > <1> > <1>10.2.3.4 > <1> > <1>10.6.7.8 > <1> > <1>ah-old > <1> > <1>1000 > <1> > <1>-m > <1> > <1>transport > <1> > <1>-A > <1> > <1>keyed-md5 > <1> > <1>"MYSECRETMYSECRET" > line 2: Must get supported algorithms list first at [MYSECRETMYSECRET] > parse failed, line 2. > > Here's the kernel version. > > # uname -a > FreeBSD dantooine.vindaloo.com 4.3-STABLE FreeBSD 4.3-STABLE #0: Wed Jul 18 > 08:09:19 EDT 2001 root@hoth.vindaloo.com:/usr/src/sys/compile/DANTOOINE > i386 > > Chris Hilton chilton-at-vindaloo-dot-com > ------------------------------------------------------------------------ > "All I was doing was trying to get home from work!" > -- Rosa Parks I just changed the subject line on this to see if I could actually get an answer. -- Chris Hilton chilton-at-vindaloo-dot-com ------------------------------------------------------------------------ "All I was doing was trying to get home from work!" -- Rosa Parks To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message