Hello misc,

I'm trying to set up IPSec between my OpenBSD wireless access point and a Linux client using setkey. I have managed to get IPSec working fine between the other OpenBSD servers on my network using ipsecctl; it almost seemed too easy.
Below are my ipsec.conf from the OpenBSD box and the ipsec.conf from the Linux box. I've made sure to allow all esp/ah traffic through pf and I'm not getting any errors in pflog.

OpenBSD ipsec.conf:

flow esp from 192.168.3.1 to 192.168.3.100
esp from 192.168.3.1 to 192.168.3.100 spi 0xdeadbeef:0xbeefdead \
    auth hmac-md5 \
    enc 3des-cbc \
    authkey 0x360b3821897eb61dfc332e139e14fd62:0x360b3821897eb61dfc332e139e14fd62 \
    enckey 0x49fce5b82ff7acc4d6aded691a0f5f9a65e18861ad4b66bf:0x61272157401bf304177fa8ac0c38de4095992d06c0499cf7

Linux ipsec.conf:

#!/usr/sbin/setkey -f
flush;
spdflush;
add 192.168.3.100 192.168.3.1 esp 0xbeefdead -E 3des-cbc 0x61272157401bf304177fa8ac0c38de4095992d06c0499cf7;
add 192.168.3.1 192.168.3.100 esp 0xdeadbeef -E 3des-cbc 0x49fce5b82ff7acc4d6aded691a0f5f9a65e18861ad4b66bf;
add 192.168.3.100 192.168.3.1 ah 0xbeefdead -A hmac-md5 0x360b3821897eb61dfc332e139e14fd62;
add 192.168.3.1 192.168.3.100 ah 0xdeadbeef -A hmac-md5 0x360b3821897eb61dfc332e139e14fd62;
spdadd 192.168.3.100 192.168.3.1 any -P out ipsec esp/transport//use ah/transport//use;
spdadd 192.168.3.1 192.168.3.100 any -P in ipsec esp/transport//use ah/transport//use;

I hope this is all the information someone requires to help.

Thanks
Tom