tech-net archive
Re: IPsec vs ssh
So the SPD problem was solved by changing all of the "any" fields to "icmp":
spdadd 10.1.2.254/24 10.1.3.0/24 icmp -P out ipsec
esp/tunnel/10.1.2.254-203.33.153.28/require;
spdadd 10.1.3.0/24 10.1.2.0.254/32 icmp -P in ipsec
esp/tunnel/203.33.153.28-10.1.2.254/require;
spdadd 203.33.153.28/32 10.1.1.0/24 icmp -P in ipsec
esp/tunnel/203.33.153.28-10.1.2.254/require;
spdadd 10.1.1.0/24 203.33.153.28/32 icmp -P out ipsec
esp/tunnel/10.1.2.254-203.33.153.28/require;
spdadd 10.1.3.0/24 10.1.1.0/24 icmp -P in ipsec
esp/tunnel/203.33.153.28[4500]-10.1.2.254[4500]/require;
spdadd 10.1.1.0/24 10.1.3.0/24 icmp -P out ipsec
esp/tunnel/10.1.2.254[4500]-203.33.153.28[4500]/require;
But I still get this from the kernel:
/netbsd: IPv4 ESP input: no key association found for spi 208200261
DEBUG: call pfkey_send_add2 (NAT flavor)
DEBUG: call pfkey_send_add2
DEBUG: pfkey add sent.
DEBUG: pk_recv: retry[0] recv()
DEBUG: got pfkey UPDATE message
DEBUG2:
[hexdump]
ERROR: pfkey UPDATE failed: No such file or directory
DEBUG: pk_recv: retry[0] recv()
DEBUG: got pfkey ADD message
and this appears to be the only smoking gun from racoon output.
Darren
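Before chasing the kernel's "no key association found" message, it is worth checking the SPD file itself mechanically, since a policy that never matches (or has no mirrored twin) leaves the kernel with no usable SA for the traffic it does see. The script below is an added example, not part of Darren's post and not code from NetBSD's setkey(8) or racoon. It parses the six spdadd statements quoted above, flags addresses that are not valid prefixes or that have host bits set inside the prefix, reports in/out policies without a mirrored counterpart, and lists tunnel endpoints that appear both with and without a NAT-T port. The function names and the checks are my own; the parser handles only the esp/ah tunnel subset of setkey's policy grammar that the post uses.

```python
"""Sanity-check setkey(8) SPD policies: parse spdadd statements, validate
addresses, and verify each policy has a mirrored twin (example code)."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# The six spdadd statements quoted in the post, copied verbatim.
SPD_SAMPLE = """\
spdadd 10.1.2.254/24 10.1.3.0/24 icmp -P out ipsec
esp/tunnel/10.1.2.254-203.33.153.28/require;
spdadd 10.1.3.0/24 10.1.2.0.254/32 icmp -P in ipsec
esp/tunnel/203.33.153.28-10.1.2.254/require;
spdadd 203.33.153.28/32 10.1.1.0/24 icmp -P in ipsec
esp/tunnel/203.33.153.28-10.1.2.254/require;
spdadd 10.1.1.0/24 203.33.153.28/32 icmp -P out ipsec
esp/tunnel/10.1.2.254-203.33.153.28/require;
spdadd 10.1.3.0/24 10.1.1.0/24 icmp -P in ipsec
esp/tunnel/203.33.153.28[4500]-10.1.2.254[4500]/require;
spdadd 10.1.1.0/24 10.1.3.0/24 icmp -P out ipsec
esp/tunnel/10.1.2.254[4500]-203.33.153.28[4500]/require;
"""

# Only the "spdadd src dst proto -P dir ipsec esp|ah/tunnel/A[-port]-B[port]/level"
# shape is recognised; this is a subset of the real setkey grammar (assumption).
STMT_RE = re.compile(
    r"spdadd\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<proto>\S+)\s+-P\s+(?P<dir>in|out)"
    r"\s+ipsec\s+(?P<sec>esp|ah)/tunnel/"
    r"(?P<ep_a>[0-9a-fA-F.:]+)(?:\[(?P<port_a>\d+)\])?-"
    r"(?P<ep_b>[0-9a-fA-F.:]+)(?:\[(?P<port_b>\d+)\])?/(?P<level>require|use|default)"
)


@dataclass(frozen=True)
class Policy:
    src: str
    dst: str
    proto: str
    direction: str
    ep_a: str          # tunnel source endpoint
    port_a: Optional[str]
    ep_b: str          # tunnel destination endpoint
    port_b: Optional[str]


def parse_spd(text: str) -> List[Policy]:
    """Split on ';', rejoin continuation lines, and parse each statement."""
    policies = []
    for stmt in text.split(";"):
        stmt = " ".join(stmt.split())   # collapse newlines/indentation
        if not stmt:
            continue
        m = STMT_RE.match(stmt)
        if not m:
            raise ValueError(f"unparsed statement: {stmt!r}")
        policies.append(Policy(m["src"], m["dst"], m["proto"], m["dir"],
                               m["ep_a"], m["port_a"], m["ep_b"], m["port_b"]))
    return policies


def check_address(addr: str) -> Optional[str]:
    """Return a problem description, or None if addr is a clean address/prefix."""
    try:
        ipaddress.ip_network(addr, strict=False)
    except ValueError:
        return f"{addr}: not a valid address/prefix"
    try:
        ipaddress.ip_network(addr, strict=True)
    except ValueError:
        return f"{addr}: host bits set inside the prefix"
    return None


def _norm(addr: str) -> str:
    """Canonical network string for comparison; unparseable input stays as-is."""
    try:
        return str(ipaddress.ip_network(addr, strict=False))
    except ValueError:
        return addr


def find_unmirrored(policies: List[Policy]) -> List[Policy]:
    """Every policy should have a twin in the other direction with
    src/dst and tunnel endpoints (including NAT-T ports) swapped."""
    keys = {(p.direction, _norm(p.src), _norm(p.dst), p.proto,
             p.ep_a, p.port_a, p.ep_b, p.port_b) for p in policies}
    missing = []
    for p in policies:
        twin_dir = "in" if p.direction == "out" else "out"
        twin = (twin_dir, _norm(p.dst), _norm(p.src), p.proto,
                p.ep_b, p.port_b, p.ep_a, p.port_a)
        if twin not in keys:
            missing.append(p)
    return missing


def find_port_inconsistency(policies: List[Policy]) -> dict:
    """Tunnel endpoints used both with and without a NAT-T port."""
    seen: dict = {}
    for p in policies:
        for ep, port in ((p.ep_a, p.port_a), (p.ep_b, p.port_b)):
            seen.setdefault(ep, set()).add(port)
    return {ep: ports for ep, ports in seen.items() if len(ports) > 1}


def audit(text: str) -> List[str]:
    """Run all checks and return one human-readable line per finding."""
    policies = parse_spd(text)
    findings = []
    for p in policies:
        for addr in (p.src, p.dst):
            msg = check_address(addr)
            if msg:
                findings.append(f"{p.direction} {p.src} -> {p.dst}: {msg}")
    for p in find_unmirrored(policies):
        other = "in" if p.direction == "out" else "out"
        findings.append(f"{p.direction} {p.src} -> {p.dst}: no mirrored {other} policy")
    for ep, ports in sorted(find_port_inconsistency(policies).items()):
        findings.append(f"tunnel endpoint {ep}: used both with and without a NAT-T port")
    return findings


if __name__ == "__main__":
    for line in audit(SPD_SAMPLE):
        print(line)
```

Run against the quoted configuration, the audit reports the first statement's source prefix (host bits set inside a /24), the second statement's destination (not a parseable address), both of those policies as lacking a mirrored twin, and both tunnel endpoints as appearing with and without the [4500] NAT-T port. Whether the mixed NAT-T ports are intentional depends on the racoon setup; the check only surfaces the inconsistency so it can be decided deliberately.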