Message-ID: <3E25EC21.CF412BEA@stcinc.com>
Date: Wed, 15 Jan 2003 15:17:53 -0800
From: Gregory Carvalho
Organization: Simplified Technology Company
To: Matthias Teege
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ESP input: no key association found for spi
References: <20030111122334.GB33642@gic.mteege.de>

The error indicates to me that the SPI contains no valid SPD entry for
the SADB entry. While all your sample numbers match, I'll change them to
create the error (I just changed the first occurrence of 192.168.9.11 to
192.168.9.12):

spdadd 192.168.0.0/24 0.0.0.0/0 any -P in ipsec esp/tunnel/192.168.9.9-192.168.9.12;

bullet# setkey -DP
192.168.0.0/24[any] 0.0.0.0/0[any] any
	in ipsec
	esp/tunnel/192.168.9.9-192.168.9.11/default
	spid=73 seq=1 pid=95831 refcnt=1

I hope this helps you find the answer.

-GCC
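
An added example, not part of the original message or of FreeBSD's tools: a Python check that flags a tunnel policy whose endpoints have no SA with the same addresses, which is the mismatch the reply creates by changing 192.168.9.11 to 192.168.9.12. The SAD entry is constructed and abbreviated in `setkey -D` layout; its SPI value and all function names are assumptions.

```python
import re

# Entry quoted in the message above, in `setkey -DP` layout.
SPD_OK = """\
192.168.0.0/24[any] 0.0.0.0/0[any] any
\tin ipsec
\tesp/tunnel/192.168.9.9-192.168.9.11/default
\tspid=73 seq=1 pid=95831 refcnt=1
"""
# Constructed: the same policy with the endpoint altered as in the message.
SPD_BAD = SPD_OK.replace("192.168.9.11", "192.168.9.12")

# Constructed, abbreviated `setkey -D` entry; the SPI value is an assumption.
SAD_DUMP = """\
192.168.9.9 192.168.9.11
\tesp mode=tunnel spi=4096(0x00001000) reqid=0(0x00000000)
\tseq=0x00000000 replay=4 flags=0x00000000 state=mature
"""

# IPv4 only: direction line followed by the proto/tunnel/src-dst/level line.
POLICY_RE = re.compile(
    r"^[ \t]+(in|out)[ \t]+ipsec[ \t]*\n"
    r"[ \t]+(esp|ah)/tunnel/([\d.]+)-([\d.]+)/", re.M)
# IPv4 only: "src dst" line followed by "proto mode=... spi=..." line.
SA_RE = re.compile(
    r"^([\d.]+)[ \t]+([\d.]+)[ \t]*\n"
    r"[ \t]+(esp|ah)[ \t]+mode=(\w+)[ \t]+spi=(\d+)", re.M)

def tunnel_policies(spd_text):
    """Return (direction, proto, src, dst) for each tunnel-mode policy."""
    return [m.groups() for m in POLICY_RE.finditer(spd_text)]

def security_associations(sad_text):
    """Return {(proto, src, dst): spi} for each tunnel-mode SA."""
    return {(proto, src, dst): int(spi)
            for src, dst, proto, mode, spi in SA_RE.findall(sad_text)
            if mode == "tunnel"}

def unmatched_policies(spd_text, sad_text):
    """Policies whose tunnel endpoints match no SA of the same protocol."""
    sas = security_associations(sad_text)
    return [p for p in tunnel_policies(spd_text) if (p[1], p[2], p[3]) not in sas]

if __name__ == "__main__":
    for label, spd in (("matching", SPD_OK), ("altered", SPD_BAD)):
        print(label, unmatched_policies(spd, SAD_DUMP))
```

On a live host the two inputs would be the saved output of `setkey -DP` and `setkey -D`.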