From owner-freebsd-current  Sun Apr  9  5: 9: 6 2000
Delivered-To: freebsd-current@freebsd.org
Received: from netvalue-gw.netvalue.fr (netvalue-gw.netvalue.fr [195.115.44.161])
	by hub.freebsd.org (Postfix) with ESMTP id DCAF437B652
	for <current@freebsd.org>; Sun,  9 Apr 2000 05:08:46 -0700 (PDT)
	(envelope-from erwan@netvalue.com)
Received: (from bin@localhost)
	by netvalue-gw.netvalue.fr (8.9.3/8.8.8) id OAA06460
	for <current@freebsd.org>; Sun, 9 Apr 2000 14:05:19 +0200 (CEST)
	(envelope-from erwan@netvalue.com)
X-Authentication-Warning: netvalue-gw.netvalue.fr: bin set sender to <erwan@netvalue.com> using -f
Received: from <erwan@netvalue.com> (dauphine.netvalue.fr [192.168.1.13]) by netvalue-gw.netvalue.fr via smap (V2.1)
	id xma006458; Sun, 9 Apr 00 14:05:03 +0200
Received: from netvalue.com ([192.168.1.1]) by mail.netvalue.fr
          (Netscape Messaging Server 3.6)  with ESMTP id AAA2E5A
          for <current@freebsd.org>; Sun, 9 Apr 2000 14:05:02 +0200
Message-ID: <38F071EE.CB78C94E@netvalue.com>
Date: Sun, 09 Apr 2000 14:05:02 +0200
From: Erwan Arzur <erwan@netvalue.com>
Organization: NetValue S.A.
X-Mailer: Mozilla 4.72 [en] (X11; I; Linux 2.2.12 i386)
X-Accept-Language: en, fr-FR
MIME-Version: 1.0
To: current@freebsd.org
Subject: Success with ESP over IPV4 ?
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Did someone manage to get a ESP tunnel over IPV4 working ?

I try to use the following setkey commands, which constantly fail with
the following message :
"Must get list of supported protocols first."

My problem is how to get this list of supported protocols ?

this config file is inspired from samples in /usr/src/usr.sbin/setkey
... i'm just experimenting, have a very limited knowledge about IPV6,
and the samples 
shipped with CURRENT's sources do not work out of the box :-(

all this stuff is done in order to test IPV6/pipsecd interoperability. 

Thanks in advance !

--- snip -- snip ---
flush;

add AAA.AAA.AAA.AAA BBB.BBB.BBB.BBB esp 1001 
    -m any -f zero-pad 
    -E blowfish-cbc "AAA key" ;

add BBB.BBB.BBB.BBB AAA.AAA.AAA.AAA esp 1001
    -m any
    -f zero-pad
    -E blowfish_cbc "BBB key";

spdflush;

spdadd AAA.AAA.AAA.AAA/32[any] BBB.BBB.BBB.BBB/32[any] any
        -P in ipsec esp/transport//use;
spdadd BBB.BBB.BBB.BBB/32[any] AAA.AAA.AAA.AAA/32[any] any
        -P out ipsec esp/transport//use;

-- 
UNIX *IS* user friendly.  It's just selective about who its friends are.
                                                               --unknown


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message