Date: Tue, 29 May 2018 16:50:04 +0000
From: Robert Ames <robertames@hotmail.com>
To: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Help configuring IPsec
Message-ID: <SN2PR0801MB07827D6219E9363D52695C79C96D0@SN2PR0801MB0782.namprd08.prod.outlook.com>
I'm trying to figure out how to enable IPsec between 2 machines on the same LAN. If I use ESP only, things work fine. But I can't get setkey to parse the conf file when I try to add AH. I get the following error:

    Installing ipsec manual keys/policies.
    The result of line 7: Invalid argument.
    The result of line 8: Invalid argument.

I don't understand which argument is invalid or why. Here's my ipsec.conf file:

    spdflush;
    flush;
    add 192.168.1.1 192.168.1.2 esp 0x6f09e2b3 -E rijndael-cbc 0xdd250866139cd478998afcad368a0b95;
    add 192.168.1.2 192.168.1.1 esp 0x2f93524b -E rijndael-cbc 0x7fad6fa6f8b736c8a31c00580af96928;
    add 192.168.1.1 192.168.1.2 ah 0x50cd6299 -A hmac-md5 0x220911839aac307a0bf2b5c224cef952;
    add 192.168.1.2 192.168.1.1 ah 0x13dbc343 -A hmac-md5 0x76e064204af70bf18e4ae6a7d2ec5d25;
    spdadd 192.168.1.1 192.168.1.2 any -P out ipsec esp/transport//require ah/transport//require;
    spdadd 192.168.1.2 192.168.1.1 any -P in ipsec esp/transport//require ah/transport//require;
