netbsd-help: Re: IPsec and IKE / Racoon: give up to get IPsec-SA

Subject: Re: IPsec and IKE / Racoon: give up to get IPsec-SA
To: Daniel Eggert <danieleggert@mac.com>
From: Daniel Eggert <danieleggert@mac.com>
List: netbsd-help
Date: 10/17/2002 13:53:01

Stupid me. I had the outgoing ESP packages blocked on machine B. Now it 
works with the following in ipf.conf
	pass out quick on tlp0 proto 50 from any to any keep state
	pass in quick on tlp0 proto 50 from any to any keep state
or
	pass out quick on tlp0 proto 51 from any to any keep state
	pass in quick on tlp0 proto 51 from any to any keep state
depending on wether I run ESP or AH.

Sorry for bothering you,
Daniel


On torsdag, okt 17, 2002, at 12:58 Europe/Copenhagen, Daniel Eggert 
wrote:

> I'm trying to follow instructions at
> 	http://www.netbsd.org/Documentation/network/ipsec/#config_ike
> But I can't ping B from A.
>
> In the log file I see the following error:
> 	2002-10-17 12:48:36: ERROR: pfkey.c:738:pfkey_timeover(): 
> my.ip.here.238 give up to get IPsec-SA due to time up to wait.
>
> What does that mean? Thanks,
>
> Daniel
>