From owner-freebsd-net Sun Aug 5 22:45:42 2001 Delivered-To: freebsd-net@freebsd.org Received: from coconut.itojun.org (coconut.itojun.org [210.160.95.97]) by hub.freebsd.org (Postfix) with ESMTP id 7D33B37B401 for ; Sun, 5 Aug 2001 22:45:39 -0700 (PDT) (envelope-from itojun@itojun.org) Received: from itojun.org (localhost [127.0.0.1]) by coconut.itojun.org (Postfix) with ESMTP id 877AD4B21; Mon, 6 Aug 2001 14:45:35 +0900 (JST) To: "Travis Leuthauser" Cc: freebsd-net@freebsd.org In-reply-to: lists-freebsd-net's message of Sun, 05 Aug 2001 21:05:14 EST. X-Template-Reply-To: itojun@itojun.org X-Template-Return-Receipt-To: itojun@itojun.org X-PGP-Fingerprint: F8 24 B4 2C 8C 98 57 FD 90 5F B4 60 79 54 16 E2 Subject: Re: IPSec Question From: itojun@iijlab.net Date: Mon, 06 Aug 2001 14:45:35 +0900 Message-ID: <25572.997076735@itojun.org> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >I'm trying to setup a tunnel between a FreeBSD 4.4 Prerelease box and a >Netopia R9100 dual ethernet router. Here's my current setup. FreeBSD box >is doing nat for my private nat and is running IPFW allowing only desired >ports in. > >Private IP = 172.16.69.1 >Public IP = a.a.a.a >Netopia R9100 Public IP = b.b.b.b >Netopia R9100 Private IP = 172.16.250.1 >32 Char. Hex Auth Key = 75b916ac534cef32d3db8a44cf5b62c1 >SPI = 2568731067 >Auth Type = esp >Auth Transform = hmac-md5-96 >No Encryption >No Compression > >Here's where my problem is coming in. If I issue the following command: > >firewall# setkey -c <? add a.a.a.a b.b.b.b esp 2568731067 -m tunnel -A hmac-md5 >0x75b916ac534cef32d3db8a44cf5b62c1 ; >? EOF > >I get the following: > >The result of line 1: Invalid argument. you need " -E simple" for "ESP with no encryption" setting. itojun To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message