Hi,

tried to reproduce this with /usr/share/ipsec/rc.vpn between
3.6-stable and 3.7-current, but could not.  The static vpn is working
as expected.

HJ.

On Sun, Jun 12, 2005 at 11:30:11AM -0700, Jeff Simmons wrote:
> I have a large VPN network using several OpenBSD 3.5 and 3.6 boxes, I'm
> using shared keys, and the rc.vpn script to initialize it. Yesterday I
> tried to add a 3.7 box to the mix, and it wouldn't work. The symptoms were
> the tunnels never came up, and the respective gateways lost communication
> with each other (no ssh, ping, etc.).
> 
> Some manual command entry on the 3.7 box showed the following:
> 
> gorgon:~# ipsecadm flush
> gorgon:~# ipsecadm new esp -enc aes -auth sha1 -spi 1030 -dst y.y.y.y -src
> x.x.x.x -keyfile /etc/vpn/enc.key -authkeyfile /etc/vpn/auth.key
> gorgon:~# ipsecadm show
> sadb_dump: satype esp vers 2 len 21 seq 0 pid 0
>         errno 150: Unknown error: 150
>         sa: spi 0x00001030 auth hmac-sha1 enc aes
>                 state larval replay 0 flags 0
>         lifetime_cur: alloc 0 bytes 0 add 1118600322 first 0
>         address_src: x.x.x.x
>         address_dst: y.y.y.y
>         key_auth: bits 160: ****************************************
>         key_encrypt: bits 128: ********************************
> 
> Other than the error message, the only major change from 3.6 to 3.7 is
> that the satype went from unspec (3.6) to enc (3.7).
> 
> I've duplicated this on three separate computers running 3.7, one of which
> was successfully running exactly the same command until it was upgraded
> (this one is giving an errno 160). Anyone have any idea what the problem
> is?
> 
> --
> [EMAIL PROTECTED]
