From owner-freebsd-security Fri Apr 7 15:36:24 2000
Delivered-To: freebsd-security@freebsd.org
From: "Adam Kaufman"
Subject: ipsec on freebsd
Date: Fri, 7 Apr 2000 15:36:42 -0700
Message-ID: <000901bfa0e1$c024b4a0$1f3f050a@cerberus>
Sender: owner-freebsd-security@FreeBSD.ORG

We are trying to get a peer to peer connection between two FreeBSD machines.
Both hosts are on the same network. We have received the following error
messages:

IPv4 ESP input: no key association found for spi 5441:dropping the packet for simplicity

Any help with this would be greatly appreciated. Below are the setkey.conf
files for both machines.

>>>> setkey.conf for 10.5.63.100 <<<<
flush ;
add 10.5.63.100 10.5.63.81 esp 5441 -m any -f zero-pad -E des-cbc "12345678"
add 10.5.63.81 10.5.63.100 esp 9998 -m any -f zero-pad -E des-cbc "12345678";
add 10.5.63.100 10.5.63.81 ah 5442 -m any -A hmac-md5 "1234567887654321" ;
add 10.5.63.81 10.5.63.100 ah 9999 -m any -A hmac-md5 "1234567887654321" ;
spdflush ;
spdadd 10.5.63.81/32[any] 10.5.63.100/32[any] tcp -P in ipsec esp/transport//use;
spdadd 10.5.63.100/32[any] 10.5.63.81/32[any] tcp -P out ipsec esp/transport//use;

>>>> setkey.conf for 10.5.63.81 <<<<
flush ;
add 10.5.63.100 10.5.63.81 esp 5441 -m any -f zero-pad -E des-cbc "12345678"
add 10.5.63.81 10.5.63.100 esp 9998 -m any -f zero-pad -E des-cbc "12345678";
add 10.5.63.100 10.5.63.81 ah 5442 -m any -A hmac-md5 "1234567887654321" ;
add 10.5.63.81 10.5.63.100 ah 9999 -m any -A hmac-md5 "1234567887654321" ;
spdflush ;
spdadd 10.5.63.100/32[any] 10.5.63.81/32[any] tcp -P in ipsec esp/transport//use;
spdadd 10.5.63.81/32[any] 10.5.63.100/32[any] tcp -P out ipsec esp/transport//use

--
Adam Kaufman
Securify, A Kroll-O'Gara Company
Office: [650] 812-9400 x 4148
Mobile: [650] 814-5948
PGP Fingerprint: 57F4 C284 9BE3 188D 87C4 0240 37B7 554B 7AFC 06C5
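
An added example, not part of the original message: a small Python checker for manually keyed setkey.conf files of this shape. It reports statements that are not closed by the `;` that setkey(8) expects after each command, and lists (src, dst, protocol, SPI) entries that appear on only one of two peers. The function names, the keyword subset and the sample files (documentation addresses, constructed SPIs) are assumptions made for the example.

```python
import re

# Keywords that begin a statement in files like these (a subset of setkey(8)).
COMMANDS = {"flush", "add", "spdflush", "spdadd"}

def statements(conf):
    """Split setkey.conf text into (tokens, problem) pairs, one per statement."""
    # Lines starting with '#' are comments; quoted keys stay single tokens.
    body = "\n".join(l for l in conf.splitlines() if not l.lstrip().startswith("#"))
    tokens = re.findall(r'"[^"]*"|;|[^\s;"]+', body)
    out, cur = [], []
    for tok in tokens:
        if tok == ";":
            if cur:
                out.append((cur, None))
            cur = []
        elif tok in COMMANDS and cur:
            # A new command began before the previous one saw its ';'.
            out.append((cur, "missing ';' before next command"))
            cur = [tok]
        else:
            cur.append(tok)
    if cur:
        out.append((cur, "missing ';' at end of file"))
    return out

def lint(conf):
    """Return readable findings for statements that lack a terminator."""
    return [f"{' '.join(t[:5])}: {p}" for t, p in statements(conf) if p]

def sa_keys(conf):
    """(src, dst, proto, spi) for every 'add' statement, terminated or not."""
    return {tuple(t[1:5]) for t, _ in statements(conf) if t[0] == "add" and len(t) >= 5}

# Constructed sample files for two peers (not the configuration from the post).
HOST_A = '''
flush ;
add 192.0.2.1 192.0.2.2 esp 1000 -m any -E des-cbc "12345678"
add 192.0.2.2 192.0.2.1 esp 1001 -m any -E des-cbc "12345678" ;
'''
HOST_B = '''
flush ;
add 192.0.2.1 192.0.2.2 esp 1000 -m any -E des-cbc "12345678" ;
'''

if __name__ == "__main__":
    for finding in lint(HOST_A):
        print("host A:", finding)
    print("SAs on one host only:", sorted(sa_keys(HOST_A) ^ sa_keys(HOST_B)))
```

Running the check on both peers' files before loading them with setkey catches entries that would not be installed as written and SPIs that one side would send but the other has no association for.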