From: "Scherb, Glenn"
To: 'Gavin Kenny', "'questions@freebsd.org'"
Subject: RE:
Date: Thu, 26 Jul 2001 15:29:46 -0500

--
Glenn Scherb
Midwest Research Institute
425 Volker Boulevard
Kansas City, Missouri 64110
gscherb@mriresearch.org
http://www.mriresearch.org
Phone: (816)753-7600 x1806
FAX: (816)753-5359
Page: (816)990-8513
pagegscherb@mriresearch.org

-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG] On Behalf Of Gavin Kenny
Sent: Thursday, July 26, 2001 10:30 AM
To: questions@freebsd.org
Subject:

Bianco wrote:

I've got a PC on which IPsec has to be installed. The PC should just unpack the packets it received and send them to another PC. So I edited, configured and installed the new kernel with the following lines:

options IPSEC
options IPSEC_ESP
options IPSEC_DEBUG

This works very well and the system boots with my new kernel.
Then I run the setkey command in this way:

setkey -c << EOF
spdadd 161.0.0.1 121.0.0.1 any -P out ipsec esp/tunnel/141.0.5.1-141.0.1.2/require ;
spdadd 121.0.0.1 161.0.0.1 any -P out ipsec esp/tunnel/141.0.1.2-141.0.5.1/require ;
add 141.0.1.2 141.0.5.1 esp 1000 -m tunnel -E simple ;
add 141.0.5.1 141.0.1.2 esp 1001 -m tunnel -E simple ;
EOF

And it also works. I can check the entries in the SAD and SPD tables. The routes for the routing are also configured and they should work.

Well, my problem is that IPsec doesn't unpack the data packages, so the PC isn't able to send them to the next PC. Is there anything that I've forgotten to install or configure? Is there any possibility to debug the processes IPsec does?

If there is anyone who can help, please write back as soon as possible.

Thank you very much
Bianca

I'm having to guess about what machines your IP numbers represent, but it all looks OK, apart from your ADD entries. You haven't supplied a password/passphrase for the algorithm to use, i.e.

..... -E simple "password";

Hope it helps

Gavin

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
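
A small check for the problem Gavin's reply points out, as an added example that is not part of the original thread: it reads a setkey script and lists every `add` statement whose `-E` algorithm is not followed by a key. The names `missing_esp_keys` and `page_sample` and the SPI 1002 statement are assumptions made for this illustration; the accepted key forms (a double-quoted string or hex digits prefixed with 0x) follow setkey(8).

```sh
#!/bin/sh
# Added example (not from the thread): lint a setkey(8) script for "add"
# statements whose -E <algorithm> is not followed by a key.

# Reads setkey statements on stdin, prints "<spi> <algorithm>" for each add
# statement without a key after -E, and returns 1 if any were found.
missing_esp_keys() {
    awk '
    /^[ \t]*#/ { next }                  # setkey comment lines start with "#"
    { buf = buf " " $0 }                 # a statement may span several lines
    END {
        n = split(buf, stmt, ";")        # every statement ends with ";"
        for (i = 1; i <= n; i++) {
            m = split(stmt[i], tok, " ") # add src dst proto spi [options]
            if (m < 5 || tok[1] != "add") continue
            for (j = 6; j <= m; j++) {
                if (tok[j] != "-E") continue
                key = (j + 2 <= m) ? tok[j + 2] : ""
                # a key is a double-quoted string or 0x-prefixed hex digits
                if (key !~ /^"/ && key !~ /^0x[0-9A-Fa-f]+$/) {
                    print tok[5], tok[j + 1]
                    bad = 1
                }
            }
        }
        exit (bad ? 1 : 0)
    }'
}

# The two add statements from the post, plus one constructed statement
# (SPI 1002) written the way the reply suggests.
page_sample() {
    cat <<'EOF'
add 141.0.1.2 141.0.5.1 esp 1000 -m tunnel -E simple ;
add 141.0.5.1 141.0.1.2 esp 1001 -m tunnel -E simple ;
add 141.0.1.2 141.0.5.1 esp 1002 -m tunnel -E simple "password" ;
EOF
}

page_sample | missing_esp_keys || echo "statements listed above have no key after -E" >&2
```

Run against the statements from the post, it reports SPIs 1000 and 1001 and passes the constructed 1002 entry.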