Subject: Re: setkey config file
To: Ravi Ramamirtham <rrshanks@charter.net>
From: Roland Dowdeswell <elric@imrryr.org>
List: tech-security
Date: 04/10/2003 15:46:39

On 1049996902 seconds since the Beginning of the UNIX epoch
"Ravi Ramamirtham" wrote:
>
>Hi,
> Can someone please point me to the correct syntax
>for the spdadd command for setkey? I tried the following
>with no luck:
>
>spdadd 10.1.1.1 10.1.1.2 any -P out ipsec
>esp/transport/10.1.1.1-10.1.1.2/require ;
>
>spdadd 10.1.1.2 10.1.1.1 any -P in ipsec
>esp/transport/10.1.1.2-10.1.1.1/require ;
>
>I get the following error:
>
>Invalid argument at [ out ipsec
>esp/transport/10.1.1.1-10.1.1.2/require ]

I tried these on my machine and they worked. They generated policies:

10.1.1.1[any] 10.1.1.2[any] any
        out ipsec
        esp/transport/10.1.1.1-10.1.1.2/require
        created: Apr 10 15:43:42 2003 lastused: Apr 10 15:43:42 2003
        lifetime: 0(s) validtime: 0(s)
        spid=37 seq=0 pid=26049
        refcnt=1

and:

10.1.1.2[any] 10.1.1.1[any] any
        in ipsec
        esp/transport/10.1.1.2-10.1.1.1/require
        created: Apr 10 15:44:30 2003 lastused: Apr 10 15:44:30 2003
        lifetime: 0(s) validtime: 0(s)
        spid=38 seq=9 pid=26049
        refcnt=1

So, what version of NetBSD are you using? Do you have IPsec built in
to the kernel?

--
Roland Dowdeswell http://www.Imrryr.ORG/~elric/