Further help with setting up IPsec
- To: MiscAtOpenBSD <misc@openbsd.org>
- Subject: Further help with setting up IPsec
- From: Andrew Falanga <afalanga@linora.com>
- Date: Tue, 26 Mar 2002 11:05:55 -0700
- User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.4) Gecko/20011126 Netscape6/6.2.1
Hello everyone,
I'm still a little red with embarrassment about missing the count=1
parameter to dd yesterday, but I'll get over it. What's going on now
is, I'm trying to get ipsecadm to take my flow commands.
I've set up the initial stuff with commands like the following:
    ipsecadm new esp -src 192.168.0.7 -dst 216.161.140.226 -forcetunnel \
        -spi 1000 -enc blf -auth sha1 -keyfile /path_to/file \
        -authkeyfile /path_to/file
Then, continuing down the FAQ, I entered
    ipsecadm flow -proto esp -dst 216.161.140.226 -spi 1000 \
        -addr 192.168.0.1
192.168.0.1 is obviously the gateway this passes through. This is where
the fun began. After entering this, I got something to the effect of,
-spi is deprecated. Same thing for -addr. I looked up the man page
on-line for ipsecadm, and tried several different syntax styles (most
are examples in the man page) to no avail. I usually get errors like:
    ipsecadm: Unkown, invalid, or duplicated option: -addr
    write: Invalid argument
    ipsecadm: use of flag "-spi" is deprecated with flow creation or deletion
And so forth. So, simply put, what am I missing? To test things out,
what I'm attempting to do is build an IPsec link between my machine
(192.168.0.7) and the public side of our router (216.161.140.226). The
router is a Cobalt Qube 3 that does have IPsec in it. Unfortunately, it
looks like the Cobalt crap only does things through gateways, rather
than directly from point-to-point. I'm not exactly familiar with Qubes,
but honestly, so far, I'm far from impressed. If it weren't for the
fact that one can actually get into the thing via ssh (I actually had
to install it; only telnet was being used, gag me) it would be even worse.
So, the basic network layout is very simple. I'm on the private side,
and I'm wanting to build an IPsec link to the public side of my Qube. I
know it's stupid, but I can't do point-to-point. The only way to
administer IPsec in the Qube is through the web interface and one of the
required fields is gateway.
Andy
Sorry the post is so long.