Date: Mon, 19 Feb 2001 13:08:57 +0900 From: "Shoichi 'Ne' Sakane" <sakane@ydc.co.jp> To: narai@kies.co.kr Cc: freebsd-net@FreeBSD.ORG, sakane@kame.net Subject: Re: How to get AH working? Message-ID: <20010219130857U.sakane@ydc.co.jp> In-Reply-To: Your message of "Wed, 14 Feb 2001 11:27:23 %2B0900" <002201c0962d$aa0bf920$d30110ac@narai> References: <002201c0962d$aa0bf920$d30110ac@narai>
next in thread | previous in thread | raw e-mail | index | archive | help
> i installed freebsd4.2 and kame-20010212-freebsd42-snap and tried IPSEC connecti > ons. > ESP mode worked fine with kame(racoon) but I couldn't get AH mode connection. > Following is the error messages. > > keTest# Feb 14 10:48:31 IkeTest /kernel: checksum mismatch in IPv4 > AH input: packet(SPI=225667595 src=172.16.1.211 dst=172.16.1.210) > SA(SPI=225667595 src=172.16.1.211 dst=172.16.1.210) The sender calculates the checksum of the packet by mixing the cipher key negotiated, adds the checksum to the packet, and then sends the packet to the receiver. The receiver re-calculates the checksum of the packet by mixing the cipher key negotiated, and compares the checksum from the sender and the one re-calculated. The above error happened when the receiver compared the checksums. The cipher key might mismatch in this case. Could you show me the BOTH hosts's SAD during the error messages are printing. The way to catching the SAD is the following. # setkey -D To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010219130857U.sakane>