Subject: ipsec on freebsd
To: None <tech-net@netbsd.org>
From: Adam Kaufman <adam@securify.com>
List: tech-net
Date: 04/07/2000 15:40:47
We are trying to get a peer to peer connection between two FreeBSD machines.
Both hosts are on the same network. We have received the following error
messages:
IPv4 ESP input: no key association found for spi 5441:dropping the packet for simplicity
Any help with this would be greatly appreciated. Below are the setkey.conf
files for both machines.
>>>> setkey.conf for 10.5.63.100 <<<<
flush ;
add 10.5.63.100 10.5.63.81 esp 5441
-m any
-f zero-pad
-E des-cbc "12345678"
add 10.5.63.81 10.5.63.100 esp 9998
-m any
-f zero-pad
-E des-cbc "12345678";
add 10.5.63.100 10.5.63.81 ah 5442
-m any
-A hmac-md5 "1234567887654321" ;
add 10.5.63.81 10.5.63.100 ah 9999
-m any
-A hmac-md5 "1234567887654321" ;
spdflush ;
spdadd 10.5.63.81/32[any] 10.5.63.100/32[any] tcp
-P in ipsec esp/transport//use;
spdadd 10.5.63.100/32[any] 10.5.63.81/32[any] tcp
-P out ipsec esp/transport//use;
>>>> setkey.conf for 10.5.63.81 <<<<
flush ;
add 10.5.63.100 10.5.63.81 esp 5441
-m any
-f zero-pad
-E des-cbc "12345678"
add 10.5.63.81 10.5.63.100 esp 9998
-m any
-f zero-pad
-E des-cbc "12345678";
add 10.5.63.100 10.5.63.81 ah 5442
-m any
-A hmac-md5 "1234567887654321" ;
add 10.5.63.81 10.5.63.100 ah 9999
-m any
-A hmac-md5 "1234567887654321" ;
spdflush ;
spdadd 10.5.63.100/32[any] 10.5.63.81/32[any] tcp
-P in ipsec esp/transport//use;
spdadd 10.5.63.81/32[any] 10.5.63.100/32[any] tcp
-P out ipsec esp/transport//use
-- Adam Kaufman
Securify, A Kroll-O'Gara Company
Office: [650] 812-9400 x 4148 Mobile: [650] 814-5948
PGP Fingerprint: 57F4 C284 9BE3 188D 87C4 0240 37B7 554B 7AFC 06C5
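
setkey(8) reads each statement up to a terminating `;`. As an added example (not part of the original post), this Python check lists the statements in a setkey.conf that run into the next command or the end of the file without one, together with the SPI an `add` would have defined; the function name, the command list and the sample (copied from the start of the first file above) are assumptions of the example.

```python
import re

# Keywords that start a setkey(8) statement (assumed subset, enough for this file).
COMMANDS = {"add", "get", "delete", "deleteall", "flush", "dump",
            "spdadd", "spddelete", "spdflush", "spddump"}
SA_COMMANDS = {"add", "get", "delete"}  # arguments: src dst protocol spi ...
TOKEN = re.compile(r'"[^"]*"|#.*|;|[^\s;"#]+')  # quoted key, comment, ';', word

# Sample input: the first statements of the 10.5.63.100 file in the post above.
SAMPLE = """\
flush ;
add 10.5.63.100 10.5.63.81 esp 5441
-m any
-f zero-pad
-E des-cbc "12345678"
add 10.5.63.81 10.5.63.100 esp 9998
-m any
-f zero-pad
-E des-cbc "12345678";
"""

def unterminated(text):
    """Return [(line_no, command, spi_or_None)] for statements with no closing ';'."""
    problems, open_stmt = [], None
    def flag(stmt):
        line_no, cmd, args = stmt
        spi = args[3] if cmd in SA_COMMANDS and len(args) > 3 else None
        problems.append((line_no, cmd, spi))

    for line_no, line in enumerate(text.splitlines(), 1):
        for tok in TOKEN.findall(line):
            if tok.startswith("#"):
                continue                      # comment runs to end of line
            if tok == ";":
                open_stmt = None              # statement properly closed
            elif tok in COMMANDS:
                if open_stmt:                 # previous statement never closed
                    flag(open_stmt)
                open_stmt = (line_no, tok, [])
            elif open_stmt:
                open_stmt[2].append(tok)
    if open_stmt:                             # file ended inside a statement
        flag(open_stmt)
    return problems

if __name__ == "__main__":
    for line_no, cmd, spi in unterminated(SAMPLE):
        print(f"line {line_no}: '{cmd}' has no ';'" + (f" (spi {spi})" if spi else ""))
```

On the sample it reports the `add` for SPI 5441, the SPI named in the kernel message.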