
IPSec assistance



Howdy,
	I'm trying to set up two boxes to use ESP to connect to each
other.  I'm using manual keying but still cannot pass traffic.  Both boxes
are 2.7 (OpenBSD looking-glass 2.7 GENERIC#25 i386).  I have ah and esp
enabled in my /etc/sysctl.conf and the boxes have both been rebooted.  If I
tcpdump I see the traffic coming in on both sides, but a ping ends up with
100% packet loss.  I've tried to follow the FAQ at
http://www.openbsd.org/faq/faq13.html#13.6 ... and yes, I will change my
keys.  Thanks for any help provided.

My ipsecadm commands look like these, between two servers, looking-glass and
portal, both on routable nets.

### looking-glass config
ipsecadm new esp -spi 2000 -src <src ip> -dst <dst ip> \
    -forcetunnel -enc blf -auth sha1 \
    -key d631d108f2a4ca37236dc271a5df1feb6c607beb \
    -authkey 23a7048de5450dc2e9615a947c3fb1fc75062108

ipsecadm new esp -spi 2001 -dst <dst ip> -src <src ip> \
    -forcetunnel -enc blf -auth sha1 \
    -key d631d108f2a4ca37236dc271a5df1feb6c607beb \
    -authkey 23a7048de5450dc2e9615a947c3fb1fc75062108

ipsecadm flow -proto esp -dst <dst ip> -spi 2000 \
    -addr <src ip> 255.255.255.255 <dst ip> 255.255.255.255

### portal config (src / dst ips are obviously reversed)
ipsecadm new esp -spi 2000 -src <src ip> -dst <dst ip> \
    -forcetunnel -enc blf -auth sha1 \
    -key d631d108f2a4ca37236dc271a5df1feb6c607beb \
    -authkey 23a7048de5450dc2e9615a947c3fb1fc75062108

ipsecadm new esp -spi 2001 -dst <src ip> -src <dst ip> \
    -forcetunnel -enc blf -auth sha1 \
    -key d631d108f2a4ca37236dc271a5df1feb6c607beb \
    -authkey 23a7048de5450dc2e9615a947c3fb1fc75062108

ipsecadm flow -proto esp -dst <dst ip> -spi 2000 \
    -addr <src ip> 255.255.255.255 <dst ip> 255.255.255.255

--Lenny
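With manual keying, every "ipsecadm new esp" line (SPI, src, dst, encryption key, authentication key) has to be loaded identically on both peers; only the flow line, which picks the outbound SA, differs per host. The script below is an added example, not part of Lenny's post or of OpenBSD: it defines each SA once, emits the command lines for both hosts using the ipsecadm flags exactly as they appear in the post, generates fresh random keys (the post's keys are published and must be replaced), and checks that the SA lines on the two hosts are byte-for-byte identical. The 160-bit key length for both blowfish and sha1 is copied from the post and is an assumption here; the host addresses are placeholders.

```python
import os

# Placeholder addresses, as in the original post (constructed, not real hosts).
LOOKING_GLASS = "<looking-glass ip>"
PORTAL = "<portal ip>"


def gen_key_hex(nbytes=20):
    """Fresh random key as hex.  20 bytes = 160 bits, the same length as the
    keys in the post (assumption: that length suits both blf and sha1 here).
    Use two different keys for -key and -authkey."""
    return os.urandom(nbytes).hex()


def make_sas(a, b, spi_ab, spi_ba, enc_key, auth_key):
    """Build the SA pair once.  Manual-keyed SAs are shared state: both hosts
    must load the same (spi, src, dst, keys) tuples."""
    return [
        {"spi": spi_ab, "src": a, "dst": b, "key": enc_key, "authkey": auth_key},
        {"spi": spi_ba, "src": b, "dst": a, "key": enc_key, "authkey": auth_key},
    ]


def sa_commands(sas):
    """'ipsecadm new esp' lines, flag syntax copied from the post."""
    return [
        f"ipsecadm new esp -spi {sa['spi']} -src {sa['src']} -dst {sa['dst']} "
        f"-forcetunnel -enc blf -auth sha1 -key {sa['key']} -authkey {sa['authkey']}"
        for sa in sas
    ]


def flow_command(local, remote, spi):
    """Host-to-host flow line, syntax copied from the post: traffic from
    local to remote is sent through the SA whose dst is remote."""
    return (f"ipsecadm flow -proto esp -dst {remote} -spi {spi} "
            f"-addr {local} 255.255.255.255 {remote} 255.255.255.255")


def host_config(local, remote, sas):
    """Per-host command list: all SAs, then the flow using the outbound SA."""
    out_sa = next(sa for sa in sas if sa["src"] == local and sa["dst"] == remote)
    return sa_commands(sas) + [flow_command(local, remote, out_sa["spi"])]


def check_symmetric(cfg_a, cfg_b):
    """True when the 'new esp' lines are identical on both hosts; a mismatch
    in SPI, src/dst or either key means the peers will not agree on the SA."""
    sa_a = [line for line in cfg_a if line.startswith("ipsecadm new")]
    sa_b = [line for line in cfg_b if line.startswith("ipsecadm new")]
    return sa_a == sa_b


if __name__ == "__main__":
    sas = make_sas(LOOKING_GLASS, PORTAL, 2000, 2001, gen_key_hex(), gen_key_hex())
    lg = host_config(LOOKING_GLASS, PORTAL, sas)
    pt = host_config(PORTAL, LOOKING_GLASS, sas)
    print("### looking-glass config")
    print("\n".join(lg))
    print("\n### portal config")
    print("\n".join(pt))
    print("\nSA lines identical on both hosts:", check_symmetric(lg, pt))
```

Run it once, paste each block onto the matching host, and keep the generated keys out of any mailing-list post.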
