Howdy,

I have checked out Ralf's howto, and based on that I started using BSD's ISAKMPD tool. I followed the howto, then read up on posts regarding IPSec and 2.6. I seem able to get things together, but I don't see encrypted pings.

My goal is to use a tunnel of some kind to make communication happen. However, I either don't understand how, or something.

http://www.ipsec-howto.org/x405.html

I have a gre tunnel set up, and it works fine until I start isakmpd. The tunnel stops until I kill isakmpd and setkey -FP.

Please see my previous e-mail for ISAKMPD config specific info:
http://www.ussg.iu.edu/hypermail/linux/net/0402.3/0009.html

Here is my setkey info:

================================================
[root@salem isakmpd-20040106]# setkey -DP
10.44.1.0/24[any] 10.43.1.0/24[any] any
        in ipsec
        esp/tunnel/192.168.12.21-192.168.18.102/use
        created: Mar 2 13:21:07 2004 lastused:
        lifetime: 0(s) validtime: 0(s)
        spid=728 seq=3 pid=21152
        refcnt=1
10.43.1.0/24[any] 10.44.1.0/24[any] any
        out ipsec
        esp/tunnel/192.168.18.102-192.168.12.21/require
        created: Mar 2 13:21:07 2004 lastused:
        lifetime: 0(s) validtime: 0(s)
        spid=721 seq=2 pid=21152
        refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
        in none
        created: Mar 2 13:21:07 2004 lastused: Mar 2 13:39:02 2004
        lifetime: 0(s) validtime: 0(s)
        spid=707 seq=1 pid=21152
        refcnt=1
0.0.0.0/0[any] 0.0.0.0/0[any] any
        out none
        created: Mar 2 13:21:07 2004 lastused: Mar 2 13:39:02 2004
        lifetime: 0(s) validtime: 0(s)
        spid=716 seq=0 pid=21152
        refcnt=1
=================
[root@salem isakmpd-20040106]# setkey -D
192.168.12.21 192.168.18.102
        esp mode=tunnel spi=2406271724(0x8f6ccaec) reqid=0(0x00000000)
        E: 3des-cbc 1cf865ee 5fdd9051 8689bb67 007e1216 f804e5b6 9e7ce968
        A: hmac-sha1 bc436491 be7c8ccb 45309d83 7d883747 737af060
        seq=0x00000000 replay=16 flags=0x00000000 state=mature
        created: Mar 2 13:39:03 2004 current: Mar 2 13:49:16 2004
        diff: 613(s) hard: 1200(s) soft: 1080(s)
        last: hard: 0(s) soft: 0(s)
        current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
        allocated: 0 hard: 0 soft: 0
        sadb_seq=1 pid=21153 refcnt=0
192.168.18.102 192.168.12.21
        esp mode=tunnel spi=1881015708(0x701e059c) reqid=0(0x00000000)
        E: 3des-cbc 0e498fa4 100845a8 da9dfffa d3c78f3d 8a87872b 4ed64b61
        A: hmac-sha1 17ce50ff bdc6e537 f5f2a3dc 47924607 e8de5390
        seq=0x00000000 replay=16 flags=0x00000000 state=mature
        created: Mar 2 13:39:03 2004 current: Mar 2 13:49:16 2004
        diff: 613(s) hard: 1200(s) soft: 1080(s)
        last: hard: 0(s) soft: 0(s)
        current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
        allocated: 0 hard: 0 soft: 0
        sadb_seq=0 pid=21153 refcnt=0

--
just because you're paranoid, doesn't mean they're not after you.