Anybody an ipsec guru? I've set up an ipsec transport between two
hosts, A and B, on an insecure network; the setkey configuration file is
included below.
It works fine until I reboot one host (A). After it has rebooted,
any packets I send from A to B cause B to report 'replay packet' errors
and no packets get through. I have to re-run setkey on B in
order for things to work again.
The question is: What am I forgetting to do? Or is this a bug in our
IPSEC implementation?
May 10 18:15:05 air /kernel: replay packet in IPv4 ESP input: packet(SPI=65537 src=192.168.254.28 dst=192.168.254.29) SA(SPI=65537 src=192.168.254.28 dst=192.168.254.29)
May 10 18:15:41 air /kernel: replay packet in IPv4 ESP input: packet(SPI=65537 src=192.168.254.28 dst=192.168.254.29) SA(SPI=65537 src=192.168.254.28 dst=192.168.254.29)
-Matt
Matthew Dillon
<[EMAIL PROTECTED]>
# Clear the security policy database and all existing SAs before reinstalling them.
spdflush ;
flush ;
# Manually keyed ESP SA for A -> B traffic (SPI 0x10001 = 65537 in the log above).
add 192.168.254.28 192.168.254.29 esp 0x10001
    -E des-cbc "password"
    -A hmac-md5 "passwordpasswo!!" ;
# Same SPI and keys for the reverse direction, B -> A.
add 192.168.254.29 192.168.254.28 esp 0x10001
    -E des-cbc "password"
    -A hmac-md5 "passwordpasswo!!" ;
# Outbound policy: require ESP for any traffic from A to B.
spdadd 192.168.254.28/32[any] 192.168.254.29/32[any] any
    -P out ipsec esp/tunnel/192.168.254.28-192.168.254.29/require ;
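As an added illustration (not part of the post or of the KAME/FreeBSD source), here is the RFC 2401 Appendix C sliding-window anti-replay check that B's ESP input is performing on the SA; the struct, function names and the 64-packet window width are assumptions. It shows that once A's sequence counter restarts at 1 after a reboot, every packet falls either left of B's window or on an already-seen bit, which is exactly the 'replay packet' symptom above, until the SA's receive state is cleared by reinstalling it.

```c
#include <stdint.h>
#include <string.h>

#define REPLAY_WINDOW 64   /* window width in packets, as in RFC 2401 Appendix C */

/* Receiver-side anti-replay state for one SA (constructed for this example). */
struct replay_state {
    uint32_t last_seq;  /* highest sequence number accepted so far */
    uint64_t bitmap;    /* bit i set means last_seq - i has already been seen */
};

/* Returns 1 if seq is accepted (window updated), 0 if it is a replay or too old. */
int replay_check(struct replay_state *st, uint32_t seq)
{
    uint32_t diff;
    if (seq == 0)
        return 0;                         /* ESP sequence numbers start at 1 */
    if (seq > st->last_seq) {             /* new: to the right of the window */
        diff = seq - st->last_seq;
        st->bitmap = diff < REPLAY_WINDOW ? (st->bitmap << diff) | 1 : 1;
        st->last_seq = seq;
        return 1;
    }
    diff = st->last_seq - seq;
    if (diff >= REPLAY_WINDOW)
        return 0;                         /* too old: left of the window */
    if (st->bitmap & ((uint64_t)1 << diff))
        return 0;                         /* already seen: replay */
    st->bitmap |= (uint64_t)1 << diff;    /* inside the window, first time seen */
    return 1;
}

/* Sender A sends `before` packets, reboots so its counter restarts at 1, then
 * sends `after` more. Returns how many post-reboot packets B drops. */
int dropped_after_reboot(struct replay_state *b, uint32_t before, uint32_t after)
{
    int dropped = 0;
    for (uint32_t s = 1; s <= before; s++)
        replay_check(b, s);               /* normal traffic, all accepted */
    for (uint32_t s = 1; s <= after; s++)
        if (!replay_check(b, s))          /* restarted counter lands in or left of window */
            dropped++;
    return dropped;
}

/* Re-running setkey (flush + add) installs a fresh SA with empty replay state. */
void reset_sa(struct replay_state *b) { memset(b, 0, sizeof *b); }
```

Whether the restarted counter lands left of the window (many packets before the reboot) or on an already-set bit (few packets before the reboot), the result is the same drop, so only resetting the SA on B, or re-keying with a fresh SPI, clears it.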