From owner-freebsd-net Sun Feb 18 20: 6:55 2001 Delivered-To: freebsd-net@freebsd.org Received: from mine.kame.net (kame195.kame.net [203.178.141.195]) by hub.freebsd.org (Postfix) with ESMTP id CB81937B491 for ; Sun, 18 Feb 2001 20:06:50 -0800 (PST) Received: from localhost ([202.249.11.124]) by mine.kame.net (8.9.3/3.7W) with ESMTP id NAA51816; Mon, 19 Feb 2001 13:18:32 +0900 (JST) To: narai@kies.co.kr Cc: freebsd-net@FreeBSD.ORG, sakane@kame.net Subject: Re: How to get AH working? In-Reply-To: Your message of "Wed, 14 Feb 2001 11:27:23 +0900" <002201c0962d$aa0bf920$d30110ac@narai> References: <002201c0962d$aa0bf920$d30110ac@narai> X-Mailer: Cue version 0.6 (010125-0306/sakane) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Message-Id: <20010219130857U.sakane@ydc.co.jp> Date: Mon, 19 Feb 2001 13:08:57 +0900 From: "Shoichi 'Ne' Sakane" X-Dispatcher: imput version 990905(IM130) Lines: 21 Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > i installed freebsd4.2 and kame-20010212-freebsd42-snap and tried IPSEC connecti > ons. > ESP mode worked fine with kame(racoon) but I couldn't get AH mode connection. > Following is the error messages. > > keTest# Feb 14 10:48:31 IkeTest /kernel: checksum mismatch in IPv4 > AH input: packet(SPI=225667595 src=172.16.1.211 dst=172.16.1.210) > SA(SPI=225667595 src=172.16.1.211 dst=172.16.1.210) The sender calculates the checksum of the packet by mixing the cipher key negotiated, adds the checksum to the packet, and then sends the packet to the receiver. The receiver re-calculates the checksum of the packet by mixing the cipher key negotiated, and compares the checksum from the sender and the one re-calculated. The above error happened when the receiver compared the checksums. The cipher key might mismatch in this case. Could you show me the BOTH hosts's SAD during the error messages are printing. The way to catching the SAD is the following. # setkey -D To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message