From: Robert Ames
To: "freebsd-questions@freebsd.org"
Subject: Help configuring IPsec
Date: Tue, 29 May 2018 16:50:04 +0000

I'm trying to figure out how to enable IPsec between 2 machines on the same LAN. If I use ESP only, things work fine. But I can't get setkey to parse the conf file when I try to add AH. I get the following error:

Installing ipsec manual keys/policies.
The result of line 7: Invalid argument.
The result of line 8: Invalid argument.

I don't understand which argument is invalid or why. Here's my ipsec.conf file:

spdflush;
flush;
add 192.168.1.1 192.168.1.2 esp 0x6f09e2b3 -E rijndael-cbc 0xdd250866139cd478998afcad368a0b95;
add 192.168.1.2 192.168.1.1 esp 0x2f93524b -E rijndael-cbc 0x7fad6fa6f8b736c8a31c00580af96928;
add 192.168.1.1 192.168.1.2 ah 0x50cd6299 -A hmac-md5 0x220911839aac307a0bf2b5c224cef952;
add 192.168.1.2 192.168.1.1 ah 0x13dbc343 -A hmac-md5 0x76e064204af70bf18e4ae6a7d2ec5d25;
spdadd 192.168.1.1 192.168.1.2 any -P out ipsec esp/transport//require ah/transport//require;
spdadd 192.168.1.2 192.168.1.1 any -P in ipsec esp/transport//require ah/transport//require;
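
An added example, not part of the original message: a small offline pre-check for a manual-keying file of the kind shown above. It reports, by line number, SA keys whose length does not match the algorithm and `spdadd` rules that require a protocol with no SA for that direction. The names `statements`, `lint` and `KEY_BITS` are hypothetical, the key sizes are the ones setkey(8) documents for these two algorithms, and the sample addresses and keys are constructed.

```python
import re

# Key sizes in bits that setkey(8) documents for the two algorithms
# used in the message; other algorithms are not checked (assumption of this example).
KEY_BITS = {"rijndael-cbc": {128, 192, 256}, "hmac-md5": {128}}

def statements(text):
    """Yield (line, tokens) per ';'-terminated statement; line is where it starts."""
    text = re.sub(r"#[^\n]*", "", text)          # drop comments, keep newlines
    for m in re.finditer(r"[^;]+;", text):
        body = m.group()[:-1]
        start = m.start() + len(body) - len(body.lstrip())
        if body.split():
            yield text.count("\n", 0, start) + 1, body.split()

def lint(text):
    """Return sorted (line, message) findings for SA keys and policy coverage."""
    sas, policies, findings = set(), [], []
    for line, tok in statements(text):
        if tok[0] == "add":
            sas.add(tuple(tok[1:4]))             # (src, dst, protocol)
            for flag in ("-E", "-A"):
                i = tok.index(flag) if flag in tok else None
                if i is None or i + 2 >= len(tok):
                    continue
                alg, key = tok[i + 1], tok[i + 2]
                if not re.fullmatch(r"0x[0-9a-fA-F]+", key):
                    continue                     # quoted-string keys are not checked
                bits = (len(key) - 2) * 4
                if alg in KEY_BITS and bits not in KEY_BITS[alg]:
                    findings.append((line, f"{alg} key is {bits} bits"))
        elif tok[0] == "spdadd" and "ipsec" in tok:
            for req in tok[tok.index("ipsec") + 1:]:
                policies.append((line, tok[1], tok[2], req.split("/")[0]))
    for line, src, dst, proto in policies:       # SAs may be declared after policies
        if (src, dst, proto) not in sas:
            findings.append((line, f"no {proto} SA for {src} -> {dst}"))
    return sorted(findings)

# Constructed sample (documentation addresses, dummy keys), not the poster's file.
SAMPLE = """\
flush;
spdflush;
add 192.0.2.1 192.0.2.2 esp 0x1001 -E rijndael-cbc 0x00112233445566778899aabbccddeeff;
add 192.0.2.1 192.0.2.2 ah 0x1002 -A hmac-md5 0x0011223344556677;
spdadd 192.0.2.1 192.0.2.2 any -P out ipsec esp/transport//require ah/transport//require;
spdadd 192.0.2.2 192.0.2.1 any -P in ipsec esp/transport//require ah/transport//require;
"""
print(*lint(SAMPLE), sep="\n")                   # one finding per line
```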