I have a large VPN network using several OpenBSD 3.5 and 3.6 boxes. I'm
using shared keys and the rc.vpn script to initialize it. Yesterday I
tried to add a 3.7 box to the mix, and it wouldn't work. The symptoms were
that the tunnels never came up, and the respective gateways lost
communication with each other (no ssh, ping, etc.).

Some manual command entry on the 3.7 box showed the following:

gorgon:~# ipsecadm flush
gorgon:~# ipsecadm new esp -enc aes -auth sha1 -spi 1030 -dst y.y.y.y -src x.x.x.x -keyfile /etc/vpn/enc.key -authkeyfile /etc/vpn/auth.key
gorgon:~# ipsecadm show
sadb_dump: satype esp vers 2 len 21 seq 0 pid 0
        errno 150: Unknown error: 150
        sa: spi 0x00001030 auth hmac-sha1 enc aes
                state larval replay 0 flags 0
        lifetime_cur: alloc 0 bytes 0 add 1118600322 first 0
        address_src: x.x.x.x
        address_dst: y.y.y.y
        key_auth: bits 160: ****************************************
        key_encrypt: bits 128: ********************************

Other than the error message, the only major change from 3.6 to 3.7 is
that the satype went from unspec (3.6) to enc (3.7).

I've duplicated this on three separate computers running 3.7, one of which
was successfully running exactly the same command until it was upgraded
(this one is giving an errno 160). Anyone have any idea what the problem
is?

--
[EMAIL PROTECTED]
