netbsd-help: Re: Configuring IPSec tunnel between NetBSD and Intel Shiva

Subject: Re: Configuring IPSec tunnel between NetBSD and Intel Shiva
To: None <derrick@givex.com>
From: Daniel Eggert <danieleggert@mac.com>
List: netbsd-help
Date: 02/14/2003 15:16:21

What exactly does the Shiva documentation say about IPsec 
configuration? What encryption schemes do you have to use with Shiva? 
It is important, that your NetBSD configuration of IPsec matches the 
one for the Shiva.

/Daniel

On fredag, feb 14, 2003, at 15:15 Europe/Copenhagen, Derrick Lobo wrote:

>
> Hi All
>
> I am using the setkey command to enable tunnel on netbsd with 3des and 
> sha1.
> While browsing www I read a document which said Intel Shiva has to be
> configured to IPsec and not the propritery software. I have included my
> ipsec.conf
>
> ipsec.conf
> add yyy.yyy.yyy.yyy xxx.xxx.xxx.xxx esp 9780 -E 3des-cbc
> "abcd1234abcd1234abcd1234" -A hmac-sha1 "abcd1234abcd1234abcd";
> add xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy esp 10001 -E 3des-cbc
> "abcd1234abcd1234abcd1234" -A hmac-sha1 "abcd1234abcd1234abcd";
>
> spdadd aaa.aaa.aaa.aaa/32 bbb.bbb.bbb.bbb/24 any -P out ipsec
> esp/tunnel/yyy.yyy.yyy.yyy-xxx.xxx.xxx.xxx/require;
> spdadd bbb.bbb.bbb.bbb/24 aaa.aaa.aaa.aaa/32 any -P in ipsec
> esp/tunnel/xxx.xxx.xxx.xxx-yyy.yyy.yyy.yyy/require;
>
> I am not using racoon....
>
> Thanks
>
> Derrick
>
>