
Re: can't get ipsecadm to take my flows



Try to use the script in 

/usr/share/ipsec

it's called rc.vpn

It will create all those flows and SA's for you.  To just see them and
not launch it, uncomment out the debug.

> -----Original Message-----
> From: Andrew Falanga [mailto:afalanga@linora.com]
> Sent: Friday, March 29, 2002 10:54 AM
> To: MiscAtOpenBSD
> Subject: can't get ipsecadm to take my flows
> 
> Hello everyone,
> 
>     I've been trying to get IPsec working for some time now.  I've been
> working through these things on my own, but I'm just not getting it
> right.  Here's the quick synopsis.
> 
> My host        GW             Dest.
> 192.168.0.7    192.168.0.1    216.161.140.266
> 
> I've been reading the FAQ, and per the instructions of setting up manual
> keying (after enabling ah and esp forwarding in my kernel) I entered
> these two commands:
> 
> ipsecadm new esp -spi 1000 -src 192.168.0.7 -dst 216.161.140.226
> -forcetunnel -enc blf -auth sha1 -keyfile /ipsec_keys/gw.key
> -authkeyfile /ipsec_keys/gw.authkey
> 
> ipsecadm new esp -spi 1001 -dst 192.168.0.7 -src 216.161.140.226
> -forcetunnel -enc blf -auth sha1 -keyfile /ipsec_keys/gw.key
> -authkeyfile /ipsec_keys/gw.authkey
> 
> Both of these work fine, then I try to set up the flow via:
> 
> ipsecadm flow -proto esp -dst 216.161.140.226 -addr 192.168.0.1
> 255.255.255.255 216.161.140.226 255.255.255.255
> 
> I've tried a few different variations but usually end up with the same
> error:
>            write: Invalid argument
> 
> Which one is invalid?  I thought perhaps it was because when setting up
> the SA's I used 'new esp' vs. 'esp' which is part of the ipsecadm
> options.  So I tried 'new esp' in setting up the flow.  All I get is
> unknown protocol.  So, what am I doing wrong?
> 
> Andy