Date: Wed, 15 Jan 2003 15:17:53 -0800 From: Gregory Carvalho <GregoryC@stcinc.com> To: Matthias Teege <matthias-fbsdsec@mteege.de> Cc: freebsd-security@FreeBSD.ORG Subject: Re: ESP input: no key association found for spi Message-ID: <3E25EC21.CF412BEA@stcinc.com> References: <20030111122334.GB33642@gic.mteege.de>
next in thread | previous in thread | raw e-mail | index | archive | help
The error indicates to me that the SPI contains no valid SPD entry for
the SADB entry.
While all your sample numbers match, I'll change them to create the
error (I just changed the first occurance of 192.168.9.11 to
192.168.9.12):
spdadd 192.168.0.0/24 0.0.0.0/0 any -P in ipsec
esp/tunnel/192.168.9.9-192.168.9.12;
bullet# setkey -DP
192.168.0.0/24[any] 0.0.0.0/0[any] any
in ipsec
esp/tunnel/192.168.9.9-192.168.9.11/default
spid=73 seq=1 pid=95831
refcnt=1
I hope this helps you find the answer.
-GCC
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3E25EC21.CF412BEA>