A bit more explanation: Nowadays, HMAC-SHA1/MD5 is used with ESP/AH. Simple keyed SHA1/MD5 is only used with "old" ESP/AH, which is not supported by ipsecctl(8). Thus I'll remove "sha1" from ipsecctl, sorry for the inconvenience.
HJ.

On Thu, Nov 24, 2005 at 12:01:36PM +0100, Hans-Joerg Hoexer wrote:
> Hi,
>
> ok, please use "hmac-sha1" instead of "sha1"
> HJ.
>
> On Thu, Nov 24, 2005 at 11:04:45AM +0100, raff wrote:
> > following ipsec.conf(5) I was trying to set up a connection between two
> > hosts 192.168.1.115 and 192.168.1.125
> > I can set it using ipsecadm, and everything works fine, but using
> > ipsecctl I'm getting some errors like below:
> >
> >
> > # ipsecctl -vvf ipsec.conf
> > @0 flow esp out from 192.168.1.115 to 192.168.1.125 peer 192.168.1.125
> > type require
> > @1 flow esp in from 192.168.1.125 to 192.168.1.115 peer 192.168.1.125
> > type use
> > @2 esp from 192.168.1.115 to 192.168.1.125 spi 0x00000115 auth sha1 enc
> > 3des-cbc
> > authkey 0x507a89ddbbca07ea595b338f78c9cf44162ef92e
> > enckey 0x9f2d7686ee16363909e94c8334cc8492b53cb8d7d0734e29
> > @3 esp from 192.168.1.125 to 192.168.1.115 spi 0x00000125 auth sha1 enc
> > 3des-cbc
> > authkey 0x513dc7a1b41d9a5ad9fca0eedc78180be2a82ba5
> > enckey 0x44c4006f164234375e892d64e8fbc42c6093064fb1aa3bb9
> > ipsecctl: writev failed: Invalid argument
> > ipsecctl: failed to add rule 2
> > ipsecctl: writev failed: Invalid argument
> > ipsecctl: failed to add rule 3
> >
> > thanks in advance