Kristian Kielhofner wrote:
> On 7/6/08, Philip Prindeville <[EMAIL PROTECTED]> wrote:
>   
>> I'm trying to manually (and statically) set up an IPSEC ESP tunnel
>>  between two Astlinux firewalls, but I keep getting:
>>
>>  The result of line 11: Protocol not supported.
>>  The result of line 15: Protocol not supported.
>>
>>  on the lines corresponding to the "setkey add" (but not the setkey/spdadd).
>>
>>  I looked at all the BR2_PACKAGE_IPSEC_TOOLS_* options, and everything
>>  that needs to be enabled is.
>>
>>  What am I missing?  Anyone else had success?
>>
>>  Thanks,
>>
>>  -Philip
>>
>>     
>
> Philip,
>
>   It looks like the kernel modules for ESP/AH aren't loaded...
>
>   modprobe af_key ah4 esp4
>
>   

That was one issue, not having ah4 and esp4 loaded up.  Got that 
resolved earlier, but for whatever reason, I'm still not passing traffic:

# setkey -DP
192.168.1.0/24[any] 192.168.10.0/24[any] any
        in prio def ipsec
        esp/tunnel/66.232.79.143-63.224.43.239/require
        created: Jul  7 18:46:54 2008  lastused:                     
        lifetime: 0(s) validtime: 0(s)
        spid=480 seq=1 pid=7370
        refcnt=1
192.168.10.0/24[any] 192.168.1.0/24[any] any
        out prio def ipsec
        esp/tunnel/63.224.43.239-66.232.79.143/require
        created: Jul  7 18:46:54 2008  lastused: Jul  7 19:12:02 2008
        lifetime: 0(s) validtime: 0(s)
        spid=497 seq=2 pid=7370
        refcnt=1
192.168.1.0/24[any] 192.168.10.0/24[any] any
        fwd prio def ipsec
        esp/tunnel/66.232.79.143-63.224.43.239/require
        created: Jul  7 18:46:54 2008  lastused:                     
        lifetime: 0(s) validtime: 0(s)
        spid=490 seq=0 pid=7370
        refcnt=1
# 

For whatever reason, that sequence number on the "out" association isn't going 
up, even after a:

# ping -I 192.168.10.1 192.168.1.1
...
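
A quick consistency check for a dump like the one in the message above, as an added example that is not part of the original thread: it parses `setkey -DP` output, confirms the in/out policies mirror each other (selectors and tunnel endpoints), and flags policies with an empty `lastused` field. The function names `parse_spd` and `check` are hypothetical, and the sample text is abridged from the dump above.

```python
import re

# Sample input: abridged from the `setkey -DP` dump quoted in the message.
SAMPLE = """\
192.168.1.0/24[any] 192.168.10.0/24[any] any
        in prio def ipsec
        esp/tunnel/66.232.79.143-63.224.43.239/require
        created: Jul  7 18:46:54 2008  lastused:
        spid=480 seq=1 pid=7370
192.168.10.0/24[any] 192.168.1.0/24[any] any
        out prio def ipsec
        esp/tunnel/63.224.43.239-66.232.79.143/require
        created: Jul  7 18:46:54 2008  lastused: Jul  7 19:12:02 2008
        spid=497 seq=2 pid=7370
"""

HEAD = re.compile(r"^(\S+?)\[\S+\]\s+(\S+?)\[\S+\]\s+\S+$")   # selector line
DIRN = re.compile(r"^\s+(in|out|fwd)\s")                      # direction line
RULE = re.compile(r"^\s+\w+/tunnel/([\d.]+)-([\d.]+)/\w+")    # tunnel endpoints
USED = re.compile(r"lastused:\s*(.*)$")                       # last-use stamp

def parse_spd(text):
    """Return one dict per policy: src, dst, dir, tunnel, lastused."""
    policies = []
    for line in text.splitlines():
        if m := HEAD.match(line):
            policies.append({"src": m[1], "dst": m[2], "lastused": ""})
        elif not policies:
            continue
        elif m := DIRN.match(line):
            policies[-1]["dir"] = m[1]
        elif m := RULE.match(line):
            policies[-1]["tunnel"] = (m[1], m[2])
        elif m := USED.search(line):
            policies[-1]["lastused"] = m[1].strip()
    return policies

def check(policies):
    """List inconsistencies between the in and out policies."""
    findings = []
    by_dir = {p.get("dir"): p for p in policies}
    i, o = by_dir.get("in"), by_dir.get("out")
    if i and o:
        if (i["src"], i["dst"]) != (o["dst"], o["src"]):
            findings.append("in/out selectors are not mirrored")
        if i.get("tunnel") != o.get("tunnel", ())[::-1]:
            findings.append("in/out tunnel endpoints are not mirrored")
    for p in policies:
        if not p["lastused"]:
            findings.append(f"{p.get('dir')} policy has no lastused timestamp")
    return findings
```

On the sample, the selectors and endpoints mirror correctly and the only finding is the `in` policy's empty `lastused` field.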
_______________________________________________
Astlinux-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/astlinux-users