Help configuring IPsec
Robert Ames
robertames at hotmail.com
Tue May 29 16:50:07 UTC 2018
I'm trying to figure out how to enable IPsec between 2 machines on
the name LAN. If I use ESP only things work fine. But I can't get
setkey to parse the conf file when I try to add AH. I get the
following error:
Installing ipsec manual keys/policies.
The result of line 7: Invalid argument.
The result of line 8: Invalid argument.
I don't understand which argument is invalid or why. Here's my
ipsec.conf file:
spdflush;
flush;
add 192.168.1.1 192.168.1.2 esp 0x6f09e2b3 -E rijndael-cbc 0xdd250866139cd478998afcad368a0b95;
add 192.168.1.2 192.168.1.1 esp 0x2f93524b -E rijndael-cbc 0x7fad6fa6f8b736c8a31c00580af96928;
add 192.168.1.1 192.168.1.2 ah 0x50cd6299 -A hmac-md5 0x220911839aac307a0bf2b5c224cef952;
add 192.168.1.2 192.168.1.1 ah 0x13dbc343 -A hmac-md5 0x76e064204af70bf18e4ae6a7d2ec5d25;
spdadd 192.168.1.1 192.168.1.2 any -P out ipsec esp/transport//require ah/transport//require;
spdadd 192.168.1.2 192.168.1.1 any -P in ipsec esp/transport//require ah/transport//require;
More information about the freebsd-questions
mailing list