Date:      Fri, 7 Apr 2000 15:36:42 -0700
From:      "Adam Kaufman" <adam@securify.com>
To:        <freebsd-security@freebsd.org>
Subject:   ipsec on freebsd
Message-ID:  <000901bfa0e1$c024b4a0$1f3f050a@cerberus>

We are trying to get a peer to peer connection between two FreeBSD machines.
Both hosts are on the same network.  We have received the following error
messages:

IPv4 ESP input: no key association found for spi 5441:dropping the packet
for simplicity

Any help with this would be greatly appreciated.  Below are the setkey.conf
files for both machines.


>>>> setkey.conf for 10.5.63.100 <<<<

flush ;
add 10.5.63.100 10.5.63.81 esp 5441
        -m any
	-f zero-pad
        -E des-cbc "12345678"
add 10.5.63.81 10.5.63.100 esp 9998
	-m any
	-f zero-pad
        -E des-cbc "12345678";

add 10.5.63.100 10.5.63.81 ah 5442
        -m any
	-A hmac-md5 "1234567887654321" ;

add 10.5.63.81 10.5.63.100 ah 9999
        -m any
	-A hmac-md5 "1234567887654321" ;

spdflush ;

spdadd 10.5.63.81/32[any] 10.5.63.100/32[any] tcp
        -P in ipsec esp/transport//use;
spdadd 10.5.63.100/32[any] 10.5.63.81/32[any] tcp
        -P out ipsec esp/transport//use;

>>>> setkey.conf for 10.5.63.81 <<<<

flush ;
add 10.5.63.100 10.5.63.81 esp 5441
       -m any
	-f zero-pad
       -E des-cbc "12345678"
add 10.5.63.81 10.5.63.100 esp 9998
	-m any
	-f zero-pad
       -E des-cbc "12345678";

add 10.5.63.100 10.5.63.81 ah 5442
       -m any
	-A hmac-md5 "1234567887654321" ;

add 10.5.63.81 10.5.63.100 ah 9999
       -m any
	-A hmac-md5 "1234567887654321" ;

spdflush ;

spdadd 10.5.63.100/32[any] 10.5.63.81/32[any] tcp
        -P in ipsec esp/transport//use;
spdadd 10.5.63.81/32[any] 10.5.63.100/32[any] tcp
        -P out ipsec esp/transport//use


-- Adam Kaufman
Securify, A Kroll-O'Gara Company
Office: [650] 812-9400 x 4148                Mobile: [650] 814-5948
PGP Fingerprint: 57F4 C284 9BE3 188D 87C4  0240 37B7 554B 7AFC 06C5
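
Added example, not part of the original message and not FreeBSD project code: setkey(8) reads its configuration as statements that each end in `;`. The Python below checks that rule over an excerpt of the second file from the post; the function name `check_setkey_conf` and the keyword subset in `COMMANDS` are choices made for this example.

```python
import re

# Statement keywords from setkey(8) (subset); every statement must end with ';'.
COMMANDS = {"add", "get", "delete", "flush", "dump",
            "spdadd", "spddelete", "spdflush", "spddump"}
# A token is a quoted string, a lone ';', or a run of other non-blank characters.
TOKEN = re.compile(r'"[^"]*"|;|[^\s;]+')

def check_setkey_conf(text):
    """Return [(line_number, message)] for statements not closed with ';'."""
    problems = []
    current = None  # (keyword, line) of the statement currently being read
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):  # comment line
            continue
        for tok in TOKEN.findall(line):
            if tok == ";":
                current = None
            elif tok in COMMANDS:
                if current is not None:
                    problems.append((lineno,
                        f"'{tok}' starts before '{current[0]}' from line "
                        f"{current[1]} was closed with ';'"))
                current = (tok, lineno)
    if current is not None:
        problems.append((current[1], f"'{current[0]}' is never closed with ';'"))
    return problems

# Excerpt of the setkey.conf for 10.5.63.81 as posted (ESP SAs and last policy).
SAMPLE = """\
flush ;
add 10.5.63.100 10.5.63.81 esp 5441
       -m any
       -f zero-pad
       -E des-cbc "12345678"
add 10.5.63.81 10.5.63.100 esp 9998
       -m any
       -f zero-pad
       -E des-cbc "12345678";
spdflush ;
spdadd 10.5.63.81/32[any] 10.5.63.100/32[any] tcp
        -P out ipsec esp/transport//use
"""

if __name__ == "__main__":
    for lineno, message in check_setkey_conf(SAMPLE):
        print(f"line {lineno}: {message}")
```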


