From: Fergus Cameron
Date: Fri, 28 Sep 2001 17:30:54 +0100
To: security
Subject: Re: IPSec with a Solaris 8 box
Message-ID: <20010928173053.E3792@dedog.argus-systems.co.uk>
In-Reply-To: <3BB0EEE5.64D0D4F@iaces.com>; from proot@iaces.com on Tue, Sep 25, 2001 at 03:53:57PM -0500

> Anybody done IPSEC between a FreeBSD box and a Solaris 8 box?

yup, please find attached. also note that you need the optional
encryption download from sun. something it took me almost a week of
testing before somebody finally let me know - it doesn't appear on any
docs as far as i can tell.

Attachment "ipsec-test.conf" (Content-Description: solaris config entries (not single file on box)):

add 192.168.1.30 192.168.1.20 ah 0x1001 -m transport -A hmac-sha1 0x5468495369537468455465735441557448614c47 ;
add 192.168.1.20 192.168.1.30 ah 0x1000 -m transport -A hmac-sha1 0x5468495369537468455465735441557448614c47 ;
spdadd 192.168.1.30 192.168.1.20 any -P out ipsec ah/transport/192.168.1.30-192.168.1.20/require ;
spdadd 192.168.1.20 192.168.1.30 any -P out ipsec ah/transport/192.168.1.20-192.168.1.30/use ;

Attachment "ipsec.conf" (Content-Description: freebsd configuration file):

add 192.168.1.30 192.168.1.20 ah 1001 -m transport -A hmac-sha1 0x5468495369537468455465735441557448614c47 ;
add 192.168.1.20 192.168.1.30 ah 1002 -m transport -A hmac-sha1 0x5468495369537468455465735441557448614c47 ;
add 192.168.1.30 192.168.1.20 esp 2001 -m transport -E des-cbc 0x7061737368657265 ;
add 192.168.1.20 192.168.1.30 esp 2002 -m transport -E des-cbc 0x7061737368657265 ;
spdadd 192.168.1.30 192.168.1.20 any -P in ipsec ah/transport/192.168.1.30-192.168.1.20/require esp/transport/192.168.1.30-192.168.1.20/require ;
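
Added example (not part of the original message or its attachments): a small Python check for manually keyed setkey-style `add` lines like the ones attached above. It flags keys whose length does not match the algorithm, keys that are printable ASCII rather than random bytes, and single DES; the function name, the finding labels and the last sample line are assumptions constructed for illustration.

```python
import re

# Key sizes in bytes that setkey(8) lists for the two algorithms in the attachments.
KEY_BYTES = {"hmac-sha1": 20, "des-cbc": 8}
WEAK_ALGS = {"des-cbc"}  # single DES: 56 effective key bits

# Matches: add SRC DST ah|esp SPI -m MODE -A|-E ALG 0xKEY ;
ADD_RE = re.compile(
    r"add\s+\S+\s+\S+\s+(?:ah|esp)\s+(\S+)\s+-m\s+\S+\s+-[AE]\s+(\S+)"
    r"\s+0x([0-9a-fA-F]*)\s*;"
)

def lint_sa_lines(text):
    """Return (spi, finding) tuples for the manually keyed `add` lines in text."""
    findings = []
    for line in text.splitlines():
        m = ADD_RE.fullmatch(line.strip())
        if m is None:
            continue  # spdadd lines, comments and blanks are not checked
        spi = int(m.group(1), 0)  # accepts decimal or 0x-prefixed SPIs
        alg, key_hex = m.group(2), m.group(3)
        if len(key_hex) % 2:
            findings.append((spi, "odd-hex-digits"))
            continue
        key = bytes.fromhex(key_hex)
        want = KEY_BYTES.get(alg)
        if want is not None and len(key) != want:
            findings.append((spi, "bad-key-length"))
        if key and all(0x20 <= b < 0x7F for b in key):
            findings.append((spi, "printable-ascii-key"))  # typed text, low entropy
        if alg in WEAK_ALGS:
            findings.append((spi, "weak-cipher"))
    return findings

# First three lines are taken from the attachments; the last `add` is constructed.
SAMPLE = """\
add 192.168.1.30 192.168.1.20 ah 1001 -m transport -A hmac-sha1 0x5468495369537468455465735441557448614c47 ;
add 192.168.1.30 192.168.1.20 esp 2001 -m transport -E des-cbc 0x7061737368657265 ;
spdadd 192.168.1.30 192.168.1.20 any -P out ipsec ah/transport/192.168.1.30-192.168.1.20/require ;
# constructed line with a truncated key
add 192.0.2.1 192.0.2.2 ah 3001 -m transport -A hmac-sha1 0x0102 ;
"""

if __name__ == "__main__":
    for spi, finding in lint_sa_lines(SAMPLE):
        print(spi, finding)
```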