Date: Tue, 29 May 2018 16:50:04 +0000
From: Robert Ames <robertames@hotmail.com>
To: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Help configuring IPsec
Message-ID: <SN2PR0801MB07827D6219E9363D52695C79C96D0@SN2PR0801MB0782.namprd08.prod.outlook.com>
I'm trying to figure out how to enable IPsec between 2 machines on the same LAN. If I use ESP only things work fine. But I can't get setkey to parse the conf file when I try to add AH. I get the following error:

Installing ipsec manual keys/policies.
The result of line 7: Invalid argument.
The result of line 8: Invalid argument.

I don't understand which argument is invalid or why. Here's my ipsec.conf file:

spdflush;
flush;
add 192.168.1.1 192.168.1.2 esp 0x6f09e2b3 -E rijndael-cbc 0xdd250866139cd478998afcad368a0b95;
add 192.168.1.2 192.168.1.1 esp 0x2f93524b -E rijndael-cbc 0x7fad6fa6f8b736c8a31c00580af96928;
add 192.168.1.1 192.168.1.2 ah 0x50cd6299 -A hmac-md5 0x220911839aac307a0bf2b5c224cef952;
add 192.168.1.2 192.168.1.1 ah 0x13dbc343 -A hmac-md5 0x76e064204af70bf18e4ae6a7d2ec5d25;
spdadd 192.168.1.1 192.168.1.2 any -P out ipsec esp/transport//require ah/transport//require;
spdadd 192.168.1.2 192.168.1.1 any -P in ipsec esp/transport//require ah/transport//require;