Date: Fri, 7 Apr 2000 15:36:42 -0700
From: "Adam Kaufman" <adam@securify.com>
To: <freebsd-security@freebsd.org>
Subject: ipsec on freebsd
Message-ID: <000901bfa0e1$c024b4a0$1f3f050a@cerberus>
We are trying to get a peer to peer connection between two FreeBSD machines.
Both hosts are on the same network. We have received the following error
messages:
IPv4 ESP input: no key association found for spi 5441:dropping the packet
for simplicity
Any help with this would be greatly appreciated. Below are the setkey.conf
files for both machines.
>>>> setkey.conf for 10.5.63.100 <<<<
flush ;
add 10.5.63.100 10.5.63.81 esp 5441
-m any
-f zero-pad
-E des-cbc "12345678"
add 10.5.63.81 10.5.63.100 esp 9998
-m any
-f zero-pad
-E des-cbc "12345678";
add 10.5.63.100 10.5.63.81 ah 5442
-m any
-A hmac-md5 "1234567887654321" ;
add 10.5.63.81 10.5.63.100 ah 9999
-m any
-A hmac-md5 "1234567887654321" ;
spdflush ;
spdadd 10.5.63.81/32[any] 10.5.63.100/32[any] tcp
-P in ipsec esp/transport//use;
spdadd 10.5.63.100/32[any] 10.5.63.81/32[any] tcp
-P out ipsec esp/transport//use;
>>>> setkey.conf for 10.5.63.81 <<<<
flush ;
add 10.5.63.100 10.5.63.81 esp 5441
-m any
-f zero-pad
-E des-cbc "12345678"
add 10.5.63.81 10.5.63.100 esp 9998
-m any
-f zero-pad
-E des-cbc "12345678";
add 10.5.63.100 10.5.63.81 ah 5442
-m any
-A hmac-md5 "1234567887654321" ;
add 10.5.63.81 10.5.63.100 ah 9999
-m any
-A hmac-md5 "1234567887654321" ;
spdflush ;
spdadd 10.5.63.100/32[any] 10.5.63.81/32[any] tcp
-P in ipsec esp/transport//use;
spdadd 10.5.63.81/32[any] 10.5.63.100/32[any] tcp
-P out ipsec esp/transport//use
-- Adam Kaufman
Securify, A Kroll-O'Gara Company
Office: [650] 812-9400 x 4148 Mobile: [650] 814-5948
PGP Fingerprint: 57F4 C284 9BE3 188D 87C4 0240 37B7 554B 7AFC 06C5
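An added example, not part of the original message: setkey(8) requires every statement to end with `;`, so a short linter can flag statements in a file like the ones above that run into the next command or the end of the file. The function name `lint_setkey` and the choice of excerpt are assumptions made for illustration; the check covers statement termination only.

```python
import re

# Keywords that start a setkey(8) statement; every statement must end with ';'.
COMMANDS = {"add", "get", "delete", "deleteall", "flush", "dump",
            "spdadd", "spddelete", "spdflush", "spddump"}

# Excerpt of the posted file for 10.5.63.81 (AH entries left out), unmodified.
SAMPLE = """\
flush ;
add 10.5.63.100 10.5.63.81 esp 5441
-m any
-f zero-pad
-E des-cbc "12345678"
add 10.5.63.81 10.5.63.100 esp 9998
-m any
-f zero-pad
-E des-cbc "12345678";
spdflush ;
spdadd 10.5.63.100/32[any] 10.5.63.81/32[any] tcp
-P in ipsec esp/transport//use;
spdadd 10.5.63.81/32[any] 10.5.63.100/32[any] tcp
-P out ipsec esp/transport//use
"""

def lint_setkey(text):
    """Return (start_line, command, reason) for each unterminated statement."""
    problems = []
    current = None  # (line, command) of the statement still waiting for ';'
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):   # comment line
            continue
        # Quoted keys are kept as one token so a ';' inside a key is ignored.
        for tok in re.findall(r'"[^"]*"|;|[^\s;"]+', line):
            if tok == ";":
                current = None
            elif tok in COMMANDS:
                if current:
                    problems.append((*current, f"runs into '{tok}' on line {lineno}"))
                current = (lineno, tok)
    if current:
        problems.append((*current, "not terminated before end of file"))
    return problems

if __name__ == "__main__":
    for start, cmd, reason in lint_setkey(SAMPLE):
        print(f"line {start}: '{cmd}' statement {reason}")
```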
