From: Ernie
To: freebsd-net@freebsd.org
Date: Thu, 18 Aug 2005 10:40:00 -0600
Subject: spdadd IPSec tunnel with AH+ESP
Message-ID: <726b9b2105081809406dffa54f@mail.gmail.com>
List-Id: Networking and TCP/IP with FreeBSD

I'm trying to set up FreeBSD 5.4 in tunnel mode with AH+ESP. What is the appropriate spdadd syntax to pass to setkey to set this policy?

Currently I'm trying:

    spdadd 192.168.1.60 192.168.1.250 any -P out ipsec esp/tunnel/192.168.1.60-192.168.1.250/use ah/tunnel/192.168.1.60-192.168.1.250/use;
    spdadd 192.168.1.250 192.168.1.60 any -P in ipsec esp/tunnel/192.168.1.250-192.168.1.60/use ah/tunnel/192.168.1.250-192.168.1.60/use;

but I cannot get it to interop with vxWorks or Windows XP. Those two interop just fine, so I'm supposing that my spd policies are set up incorrectly. Also, the same setup works perfectly with both vxWorks and Windows XP in transport mode.

Anyway, I just want to know what is the correct way of setting up AH+ESP for spd.

Thanks,
Ernie