Date: Tue, 30 Oct 2001 18:25:55 -0500 From: Christopher Sean Hilton <chris@vindaloo.com> To: freebsd-questions@freebsd.org Subject: IPSEC -- setkey: "Must get supported algorithms list first..." Message-ID: <20011030182555.A2919@dantooine.vindaloo.com>
next in thread | raw e-mail | index | archive | help
--gBBFr7Ir9EOA20Yy
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Hi, I'm trying to setup a manually keyed IPSec tunnel between two=20
FreeBSD boxes. No matter how I run setkey I cannot get past this error:
Must get supported algorithms list first...
I stole the configuration from the FreeBSD IPSec HowTo figuring that I woul=
d=20
modify it to my needs. Here's an actual run:
# setkey -dv -c <<EOF
flush;
add 10.2.3.4 10.6.7.8 ah-old 1000 -m transport -A keyed-md5 "MYSECRETMYSEC=
RET" ;
add 10.6.7.8 10.2.3.4 ah 2000 -m transport -A hmac-sha1 "KAMEKAMEKAMEKAMEK=
AME" ;
add 10.6.7.8 10.2.3.4 esp 3000 -m transport -E des-cbc "PASSWORD" ;
EOF
<1>flush
<1>;
cmdarg:
flush;
<1>add
<1>=20
<1>10.2.3.4
<1>=20
<1>10.6.7.8
<1>=20
<1>ah-old
<1> =20
<1>1000
<1>=20
<1>-m
<1>=20
<1>transport
<1>=20
<1>-A
<1>=20
<1>keyed-md5
<1>=20
<1>"MYSECRETMYSECRET"
line 2: Must get supported algorithms list first at [MYSECRETMYSECRET]
parse failed, line 2.
Here's the kernel version.
# uname -a
FreeBSD dantooine.vindaloo.com 4.3-STABLE FreeBSD 4.3-STABLE #0: Wed Jul 18=
=20
08:09:19 EDT 2001 root@hoth.vindaloo.com:/usr/src/sys/compile/DANTOOINE=
=20
i386
Chris Hilton chilton-at-vindaloo-dot-com
------------------------------------------------------------------------
"All I was doing was trying to get home from work!"
-- Rosa Parks
--gBBFr7Ir9EOA20Yy
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org
iQEVAwUBO983AoLaxorQlXotAQFd2wf/YbrjkrHGzQCDqx7IlzJyV07cAzhjK/1Y
q3CBfcAC7I30Q4gaxbCTLCEz8/tdYwra0yhYxKTbxDT6Nqaow6CDetmnnm7yN0l3
EQe1RCTIhxJZWAdxqTk4jmcsZmP4SDDo1KHs3aZ3WKvyAqSZ9up5QC88HCJJM+ek
QNjZuQqCcxTQGoewCJYoIimgRe2Gax8yczm6CUlGKnuFd2Ks8MUxfF3TBTJF7B4J
2aJ08BiqMad41sg1RuSoKsafPcUTFl0xkNqKZ2NARTBeLebiBYE+j7YZIamJpWI4
boy5Ffulp8Y00KSqEjfBlPM1zTRM1L+MQ8pSJty+EfyYUBOlQwwlOw==
=cNur
-----END PGP SIGNATURE-----
--gBBFr7Ir9EOA20Yy--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011030182555.A2919>