From owner-freebsd-questions Thu Jul 26 7:29:15 2001 Delivered-To: freebsd-questions@freebsd.org Received: from gorilla.mchh.siemens.de (gorilla.mchh.siemens.de [194.138.158.18]) by hub.freebsd.org (Postfix) with ESMTP id 9E9BE37B40F for ; Thu, 26 Jul 2001 07:29:04 -0700 (PDT) (envelope-from Bianca.Burgardt@icn.siemens.de) Received: from blues.mchh.siemens.de (mail2.mchh.siemens.de [194.138.158.227]) by gorilla.mchh.siemens.de (8.9.3/8.9.3) with ESMTP id QAA15320 for ; Thu, 26 Jul 2001 16:28:54 +0200 (MET DST) Received: from icn.siemens.de ([139.21.136.238]) by blues.mchh.siemens.de (8.9.1/8.9.1) with ESMTP id QAA23902 for ; Thu, 26 Jul 2001 16:28:55 +0200 (MET DST) Message-ID: <3B602926.4B618903@icn.siemens.de> Date: Thu, 26 Jul 2001 16:28:54 +0200 From: Bianca Burgardt Organization: Siemens AG X-Mailer: Mozilla 4.5 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-questions@FreeBSD.ORG Subject: IPsec-Porblems! Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I've got a PC on which IPsec has to be installed. The PC should just unpack the packets it received an send it to an other PC. So, I edit, configure and install the kernel new with following lines: options IPSEC options IPSEC_ESP options IPSEC_DEBUG This works very well and the system boots with my new kernel. Then I make the setkey-command in this way: setkey -c << EOF spdadd 161.0.0.1 121.0.0.1 any -P out ipsec esp/tunnel/141.0.5.1-141.0.1.2/require ; spdadd 121.0.0.1 161.0.0.1 any -P out ipsec esp/tunnel/141.0.1.2-141.0.5.1/require ; add 141.0.1.2 141.0.5.1 esp 1000 -m tunnel -E simple ; add 141.0.5.1 141.0.1.2 esp 1001 -m tunnel -E simple ; EOF And it also works. I can check the entries in the SAD- and SPD-tables. The routes for the routing are also configured and they should work. Well, my Problem is, that the IPsec doesn't unpack the data-packages. So the PC isn't possible to send it to the next PC. Is there anything that I've forgotten to install or configure? Is there any possibility to debug the processes IPsec dose? If there is anyone who can help, please write back as soon as possible. Thank you very much Bianca To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message