OpenBSD 3.8 release.
I'm getting the same errors as this thread:
http://archives.neohapsis.com/archives/openbsd/2005-11/1980.html
I'm trying to use as many defaults as possible in this test setup, and
sha1 is not being chosen by the defaults. Any ideas?
Here is my ipsec.conf (yes, key values are just for testing):
flow esp from 192.168.71.129 to 192.168.71.128
esp from 192.168.71.129 to 192.168.71.128 spi 0x1000:0x1001 authkey 0x0000000000000000000000000000000000000000000000000000000000000000:0x0000000000000000000000000000000000000000000000000000000000000001 enckey 0x0000000000000000000000000000000000000000000000000000000000000000:0x0000000000000000000000000000000000000000000000000000000000000001
Here is the output from ipsecctl -vv -f /etc/ipsec.conf:
@0 flow esp out from 192.168.71.129 to 192.168.71.128 peer 192.168.71.128
type require
@1 flow esp in from 192.168.71.128 to 192.168.71.129 peer 192.168.71.128
type use
@2 esp from 192.168.71.129 to 192.168.71.128 spi 0x00001000 auth hmac-sha2-256 enc aesctr
authkey 0x0000000000000000000000000000000000000000000000000000000000000000
enckey 0x0000000000000000000000000000000000000000000000000000000000000000
@3 esp from 192.168.71.128 to 192.168.71.129 spi 0x00001001 auth hmac-sha2-256 enc aesctr
authkey 0x0000000000000000000000000000000000000000000000000000000000000001
enckey 0x0000000000000000000000000000000000000000000000000000000000000001
ipsecctl: writev failed: Invalid argument
ipsecctl: failed to add rule 2
ipsecctl: writev failed: Invalid argument
ipsecctl: failed to add rule 3