From owner-freebsd-questions Sun Oct 15 7:35:52 2000 Delivered-To: freebsd-questions@freebsd.org Received: from ns1.springwoodsys.com (ns1.springwoodsys.com [12.38.17.16]) by hub.freebsd.org (Postfix) with ESMTP id B481C37B66D for ; Sun, 15 Oct 2000 07:35:44 -0700 (PDT) Received: from hq4.hq.springwoodsys.com (springwoodsys.erols.com [208.58.154.69]) by ns1.springwoodsys.com (8.9.3/8.9.3) with ESMTP id KAA19778; Sun, 15 Oct 2000 10:53:01 -0400 (EDT) (envelope-from bill@springwoodsys.com) Message-ID: X-Mailer: XFMail 1.4.0 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: Date: Sun, 15 Oct 2000 10:35:39 -0400 (EDT) From: "Bill O'Connell" To: "Bill O'Connell" , freebsd-questions@freebsd.org Subject: RE: Problems with IPSEC Cc: fabrizzio.batista@lojasobino.com.br Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > IPSEC is in my Kernel. > > options IPSEC > options IPSEC_ESP > > All configurations looks like OK for me. When I execute setkey -f > /ect/ipsec.conf, nothing happens. I think thatīs everything is OK > but > when I try to access the other subnet ... Using netstat -sn, ipsec > have in all lines the zero value. My FreeBSD version is 4.1 in both > sides. > > Do you help me ???? > > Thanks in advance, > > Fabrizzio > > > File IPSEC.CONF: > > flush; > spdflush; > spdadd 192.168.1.0/24 128.1.1.0/24 any -P out ipsec > ah/tunnel/200.248.27.134-200.248.27.150/require; > spdadd 128.1.1.0/24 192.168.1.0/24 any -P in ipsec > ah/tunnel/200.248.27.150-200.248.27.134/require; > add 200.248.27.134 200.248.27.150 ah-old 0x10003 -m any -A > keyed-md5 > "this is the test"; > add 200.248.27.150 200.248.27.134 ah-old 0x10004 -m any -A > keyed-md5 > "this is the test"; What do the actual SAD and SPD entries look like, i.e. what does setkey -D and setkey -DP show? Need to see this on the other machine as well. Bill To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message