Date: Sun, 5 Aug 2001 21:05:14 -0500
From: "Travis Leuthauser" <lists-freebsd-net@crimsonwasteland.com>
To: <freebsd-net@freebsd.org>
Subject: IPSec Question
Message-ID: <OLEPKBMLIHCGDKLGKPJGKEDIDLAA.lists-freebsd-net@crimsonwasteland.com>
I'm trying to set up a tunnel between a FreeBSD 4.4 Prerelease box and a
Netopia R9100 dual Ethernet router. Here's my current setup. FreeBSD box is
doing nat for my private nat and is running IPFW allowing only desired ports
in.

Private IP = 172.16.69.1
Public IP = a.a.a.a
Netopia R9100 Public IP = b.b.b.b
Netopia R9100 Private IP = 172.16.250.1
32 Char. Hex Auth Key = 75b916ac534cef32d3db8a44cf5b62c1
SPI = 2568731067
Auth Type = esp
Auth Transform = hmac-md5-96
No Encryption
No Compression

Here's where my problem is coming in. If I issue the following command:

firewall# setkey -c <<EOF
? add a.a.a.a b.b.b.b esp 2568731067 -m tunnel -A hmac-md5 0x75b916ac534cef32d3db8a44cf5b62c1 ;
? EOF

I get the following:

The result of line 1: Invalid argument.

I can successfully do the following:

firewall# setkey -c <<EOF
? spdadd 172.16.69.0/24 172.16.250.0/24 any -P out ipsec esp/tunnel/a.a.a.a-b.b.b.b/require ;
? spdadd 172.16.250.0/24 172.16.69.0/24 any -P in ipsec esp/tunnel/b.b.b.b-a.a.a.a/require ;
? EOF

If I issue:

firewall# setkey -DP

I get:

172.16.250.0/24[any] 172.16.69.0/24[any] any
	in ipsec
	esp/tunnel/b.b.b.b-a.a.a.a/require
	spid=4 seq=1 pid=1322 refcnt=1
172.16.69.0/24[any] 172.16.250.0/24[any] any
	out ipsec
	esp/tunnel/a.a.a.a-b.b.b.b/require
	spid=3 seq=0 pid=1322 refcnt=1

Please tell me where I'm going wrong in adding my SAD entry, as well as
anything else I might need to do once I successfully add my SAD entry.

Thanks,
Travis

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
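An added example (not the poster's code and not from the list) that composes and sanity-checks the setkey(8) SAD/SPD entries for an authentication-only ESP tunnel like the one above. It encodes the KAME kernel rule behind the "Invalid argument" on line 1: key_mature() returns EINVAL for an ESP SA that names no encryption algorithm, so an authentication-only ESP SA is written with "-E null" next to "-A hmac-md5"; it also checks the SPI range and the fixed HMAC key sizes. Function names are mine, and because the router's inbound SPI is not in the post, the same SPI value is used as a placeholder for the second (inbound) SA.

```python
# Added example: build and check KAME setkey(8) entries for an auth-only ESP
# tunnel. Rules mirrored from the KAME kernel: key_mature() rejects an ESP SA
# with no encryption algorithm (EINVAL), so auth-only ESP needs "-E null";
# HMAC-MD5 / HMAC-SHA1 keys are fixed at 128 / 160 bits; SPIs 0-255 are reserved.

AUTH_KEY_BITS = {"hmac-md5": 128, "hmac-sha1": 160}


def _strip0x(hexkey):
    return hexkey[2:] if hexkey.startswith("0x") else hexkey


def check_sa(proto, spi, ealgo, aalgo, hexkey):
    """Return the reasons setkey/the kernel would reject this SA (empty = OK)."""
    problems = []
    if proto == "esp" and ealgo is None:
        problems.append("ESP SA has no -E algorithm; use '-E null' for auth-only (kernel: EINVAL)")
    if not 256 <= spi <= 0xFFFFFFFF:
        problems.append("SPI %d outside 256..2^32-1 (0-255 reserved)" % spi)
    if aalgo not in AUTH_KEY_BITS:
        problems.append("unsupported auth algorithm %r" % aalgo)
        return problems
    try:
        bits = len(bytes.fromhex(_strip0x(hexkey))) * 8
    except ValueError:
        problems.append("auth key is not valid hex")
        return problems
    if bits != AUTH_KEY_BITS[aalgo]:
        problems.append("%s needs a %d-bit key, got %d bits" % (aalgo, AUTH_KEY_BITS[aalgo], bits))
    return problems


def sa_line(src, dst, spi, aalgo, hexkey):
    """One SAD entry: tunnel-mode ESP, null encryption, HMAC authentication."""
    problems = check_sa("esp", spi, "null", aalgo, hexkey)
    if problems:
        raise ValueError("; ".join(problems))
    return "add %s %s esp %d -m tunnel -E null -A %s 0x%s;" % (src, dst, spi, aalgo, _strip0x(hexkey))


def tunnel_script(local_pub, local_net, remote_pub, remote_net, spi_out, spi_in, aalgo, hexkey):
    """SAs are unidirectional: one 'add' per direction, then the two SPD rules."""
    return "\n".join([
        sa_line(local_pub, remote_pub, spi_out, aalgo, hexkey),
        sa_line(remote_pub, local_pub, spi_in, aalgo, hexkey),
        "spdadd %s %s any -P out ipsec esp/tunnel/%s-%s/require;" % (local_net, remote_net, local_pub, remote_pub),
        "spdadd %s %s any -P in ipsec esp/tunnel/%s-%s/require;" % (remote_net, local_net, remote_pub, local_pub),
    ])


if __name__ == "__main__":
    # The post's parameters; a.a.a.a / b.b.b.b stand in for the real public addresses.
    print(tunnel_script("a.a.a.a", "172.16.69.0/24", "b.b.b.b", "172.16.250.0/24",
                        2568731067, 2568731067, "hmac-md5", "75b916ac534cef32d3db8a44cf5b62c1"))
```

Feed the printed script to `setkey -c` (or `setkey -f file`) on the FreeBSD side; the router side must carry the matching SAs for its own direction.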