Date: Fri, 7 Apr 2000 15:36:42 -0700 From: "Adam Kaufman" <adam@securify.com> To: <freebsd-security@freebsd.org> Subject: ipsec on freebsd Message-ID: <000901bfa0e1$c024b4a0$1f3f050a@cerberus>
next in thread | raw e-mail | index | archive | help
We are trying to get a peer to peer connection between two FreeBSD machines. Both hosts are on the same network. We have received the following error messages: IPv4 ESP input: no key association found for spi 5441:dropping the packet for simplicity Any help with this would be greatly appreciated. Below are the setkey.conf files for both machines. >>>> setkey.conf for 10.5.63.100 <<<< flush ; add 10.5.63.100 10.5.63.81 esp 5441 -m any -f zero-pad -E des-cbc "12345678" add 10.5.63.81 10.5.63.100 esp 9998 -m any -f zero-pad -E des-cbc "12345678"; add 10.5.63.100 10.5.63.81 ah 5442 -m any -A hmac-md5 "1234567887654321" ; add 10.5.63.81 10.5.63.100 ah 9999 -m any -A hmac-md5 "1234567887654321" ; spdflush ; spdadd 10.5.63.81/32[any] 10.5.63.100/32[any] tcp -P in ipsec esp/transport//use; spdadd 10.5.63.100/32[any] 10.5.63.81/32[any] tcp -P out ipsec esp/transport//use; >>>> setkey.conf for 10.5.63.81 <<<< flush ; add 10.5.63.100 10.5.63.81 esp 5441 -m any -f zero-pad -E des-cbc "12345678" add 10.5.63.81 10.5.63.100 esp 9998 -m any -f zero-pad -E des-cbc "12345678"; add 10.5.63.100 10.5.63.81 ah 5442 -m any -A hmac-md5 "1234567887654321" ; add 10.5.63.81 10.5.63.100 ah 9999 -m any -A hmac-md5 "1234567887654321" ; spdflush ; spdadd 10.5.63.100/32[any] 10.5.63.81/32[any] tcp -P in ipsec esp/transport//use; spdadd 10.5.63.81/32[any] 10.5.63.100/32[any] tcp -P out ipsec esp/transport//use -- Adam Kaufman Securify, A Kroll-O'Gara Company Office: [650] 812-9400 x 4148 Mobile: [650] 814-5948 PGP Fingerprint: 57F4 C284 9BE3 188D 87C4 0240 37B7 554B 7AFC 06C5 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000901bfa0e1$c024b4a0$1f3f050a>