Date: Mon, 29 Dec 2008 22:20:47 +0000 (UTC)
From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To: Gabe <nrml@att.net>
Cc: freebsd-net@freebsd.org
Subject: Re: +ipsec_common_input: no key association found for SA
Message-ID: <20081229221821.O28465@maildrop.int.zabbadoz.net>
In-Reply-To: <249410.54381.qm@web83812.mail.sp1.yahoo.com>
References: <249410.54381.qm@web83812.mail.sp1.yahoo.com>

On Mon, 29 Dec 2008, Gabe wrote:

> I guess more importantly would be the ipsec configuration:
>
> spdadd 192.168.10.0/24 192.168.10.165/32 any -P in none;
> spdadd 192.168.10.165/32 192.168.10.0/24 any -P out none;
>
> spdadd 192.168.10.0/24 192.168.20.0/24 any -P out ipsec esp/tunnel/box-box2/unique;
> spdadd 192.168.20.0/24 192.168.10.0/24 any -P in ipsec esp/tunnel/box-box2/unique;
>
> "box" being the server with the error message and box2 being the server at the end, which also has this error message.

And I assume there is a typo in the spdadd lines.

1) I cannot see why you'd need the first two if the two tuples are your entire policy.
2) for the 2nd tuple both are box-box2 but one should be box2-box (but I assume this is a typo into the mail).

-- 
Bjoern A. Zeeb
The greatest risk is not taking one.
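
Added example, not part of the original message or of FreeBSD: a small checker for the endpoint mismatch pointed out in item 2, run over the four quoted policies. It assumes the usual setkey convention that the tunnel endpoints are written src-dst for the SA, so the "in" policy carries the reverse of the "out" policy's pair; the function names are hypothetical and endpoints are split on the first hyphen.

```python
import re

# Constructed sample: the four policies quoted in the message, as loaded on "box".
SAMPLE = """\
spdadd 192.168.10.0/24 192.168.10.165/32 any -P in none;
spdadd 192.168.10.165/32 192.168.10.0/24 any -P out none;
spdadd 192.168.10.0/24 192.168.20.0/24 any -P out ipsec esp/tunnel/box-box2/unique;
spdadd 192.168.20.0/24 192.168.10.0/24 any -P in ipsec esp/tunnel/box-box2/unique;
"""

# spdadd <src> <dst> <proto> -P <dir> <policy> [<sa>/<mode>/<src-dst>/<level>];
SPDADD = re.compile(
    r"^\s*spdadd\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<proto>\S+)\s+"
    r"-P\s+(?P<dir>in|out)\s+(?P<policy>\w+)"
    r"(?:\s+(?P<sa>\w+)/(?P<mode>\w+)/(?P<ends>[^/\s;]*)/(?P<level>[\w:]+))?\s*;"
)

def parse_policies(text):
    """Return one dict per spdadd statement; other lines are ignored."""
    return [m.groupdict() for m in map(SPDADD.match, text.splitlines()) if m]

def check_tunnel_pairs(policies):
    """Report out/in tunnel policies whose endpoint pairs are not mirrored."""
    findings = []
    tunnels = [p for p in policies
               if p["policy"] == "ipsec" and p["mode"] == "tunnel"]
    inbound = {(p["src"], p["dst"]): p for p in tunnels if p["dir"] == "in"}
    for out in (p for p in tunnels if p["dir"] == "out"):
        # Assumption: the out policy lists local-remote; split on first hyphen.
        local, _, remote = out["ends"].partition("-")
        peer = inbound.get((out["dst"], out["src"]))
        if peer is None:
            findings.append(
                f"{out['src']} -> {out['dst']}: no matching 'in' tunnel policy")
        elif peer["ends"] != f"{remote}-{local}":
            findings.append(
                f"{out['src']} <-> {out['dst']}: 'in' policy has "
                f"{peer['ends']}, expected {remote}-{local}")
    return findings

if __name__ == "__main__":
    for line in check_tunnel_pairs(parse_policies(SAMPLE)):
        print(line)
```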