From owner-freebsd-net  Sun Aug  5 19: 5:20 2001
Delivered-To: freebsd-net@freebsd.org
Received: from firewall.crimsonwasteland.com (cx154799-b.btnrug1.la.home.com [24.181.119.107])
	by hub.freebsd.org (Postfix) with SMTP id 2DC2337B403
	for <freebsd-net@freebsd.org>; Sun,  5 Aug 2001 19:05:16 -0700 (PDT)
	(envelope-from lists-freebsd-net@crimsonwasteland.com)
Received: (qmail 1342 invoked from network); 5 Aug 2001 21:02:19 -0000
Received: from travis.crimsonwasteland.com (HELO travis) (172.16.69.2)
  by cx154799-b.btnrug1.la.home.com with SMTP; 5 Aug 2001 21:02:19 -0000
From: "Travis Leuthauser" <lists-freebsd-net@crimsonwasteland.com>
To: <freebsd-net@freebsd.org>
Subject: IPSec Question
Date: Sun, 5 Aug 2001 21:05:14 -0500
Message-ID: <OLEPKBMLIHCGDKLGKPJGKEDIDLAA.lists-freebsd-net@crimsonwasteland.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

I'm trying to setup a tunnel between a FreeBSD 4.4 Prerelease box and a
Netopia R9100 dual ethernet router.  Here's my current setup.  FreeBSD box
is doing nat for my private nat and is running IPFW allowing only desired
ports in.

Private IP = 172.16.69.1
Public IP = a.a.a.a
Netopia R9100 Public IP = b.b.b.b
Netopia R9100 Private IP = 172.16.250.1
32 Char. Hex Auth Key = 75b916ac534cef32d3db8a44cf5b62c1
SPI = 2568731067
Auth Type = esp
Auth Transform = hmac-md5-96
No Encryption
No Compression

Here's where my problem is coming in.  If I issue the following command:

firewall# setkey -c <<EOF
? add a.a.a.a b.b.b.b esp 2568731067 -m tunnel -A hmac-md5
0x75b916ac534cef32d3db8a44cf5b62c1 ;
? EOF

I get the following:

The result of line 1: Invalid argument.

I can successfully do the following:

firewall# setkey -c <<EOF
? spdadd 172.16.69.0/24 172.16.250.0/24 any -P out ipsec
esp/tunnel/a.a.a.a-b.b.b.b/require ;
? spdadd 172.16.250.0/24 172.16.69.0/24 any -P in ipsec
esp/tunnel/b.b.b.b-a.a.a.a/require ;
? EOF

if I issue:

firewall# setkey -DP

I get:

172.16.250.0/24[any] 172.16.69.0/24[any] any
        in ipsec
        esp/tunnel/b.b.b.b-a.a.a.a/require
        spid=4 seq=1 pid=1322
        refcnt=1
172.16.69.0/24[any] 172.16.250.0/24[any] any
        out ipsec
        esp/tunnel/a.a.a.a-b.b.b.b/require
        spid=3 seq=0 pid=1322
        refcnt=1

Please tell me where I'm going wrong in adding my SAD entry.  As well as any
thing else I might need to do once I successfully add my SAD entry.

Thanks,

Travis


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message