Hi, I'm trying to set up a Freeswan box to create a manually keyed IPSec tunnel to a non-freeswan ipsec box. According to the 'ipsec look' the tunnel is up and running but I'm getting an error when I try to send data across the tunnel. When I try to ping I'm getting the following message:

Dec 28 17:23:53 bturner kernel: klips_debug:ipsec_rcv: <<< Info -- skb->dev=eth1 dev=eth1
Dec 28 17:23:53 bturner kernel: klips_debug:ipsec_rcv: physical device for device ipsec0 is eth1
Dec 28 17:23:53 bturner kernel: klips_debug: IP: ihl:20 ver:4 tos:0 tlen:184 id:4608 frag_off:0 ttl:56 proto:50 chk:47008 saddr:216.223.229.118 daddr:208.142.82.102
Dec 28 17:23:53 bturner kernel: klips_debug:gettdb: linked entry in tdb table for hash=0 of SA:[EMAIL PROTECTED] requested.
Dec 28 17:23:53 bturner kernel: klips_debug:ipsec_rcv: SA:[EMAIL PROTECTED], src=216.223.229.118 of pkt agrees with expected SA source address policy.
Dec 28 17:23:53 bturner kernel: klips_debug:ipsec_rcv: SA:[EMAIL PROTECTED] First SA in group.
Dec 28 17:23:53 bturner kernel: klips_debug:ipsec_rcv: SA:[EMAIL PROTECTED] No previous backlink in group.
Dec 28 17:23:53 bturner kernel: klips_debug:ipsec_rcv: packet from 216.223.229.118 received with seq=32 (iv)=0x83765cfde665f63b iplen=184 esplen=152 [EMAIL PROTECTED]
Dec 28 17:23:53 bturner kernel: klips_debug:ipsec_rcv: encalg = 3, authalg = 2.
Dec 28 17:23:53 bturner kernel: klips_debug:ipsec_rcv: auth failed on incoming packet from 216.223.229.118: hash=<snip> auth=<snip>, dropped

The last line there seems to indicate that I'm not authenticating for the packet but I don't know which authentication isn't working. Like I said, according to 'ipsec look' the tunnel is up and the traffic is moving across it, it's just getting dropped in the IPSec system somewhere. I've played around with the auth and encryption keys on both machines but I guess I don't know enough about Freeswan or IPSec to get it together. Any pointers anybody can provide would be greatly appreciated. Thanks in advance.

-- Matt Grommes --
-- System Admin --
-- SpinnNet --
-- 505.938.7746 --
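
An added example, not part of the original post and not FreeS/WAN code: a model of the per-packet ESP integrity check behind the "auth failed" line, where the receiver recomputes a truncated HMAC over the ESP header, IV and ciphertext and compares it with the trailing ICV. It assumes authalg = 2 denotes HMAC-MD5-96; the SPI, payload and keys are constructed placeholders, and only seq, the IV and the packet lengths are taken from the log.

```python
import hmac
import struct

ICV_LEN = 12  # HMAC-MD5-96 and HMAC-SHA1-96 both truncate to 96 bits

def build_esp(authkey, spi, seq, iv, ciphertext, digest="md5"):
    """Sender side: SPI | sequence | IV | ciphertext, then the truncated HMAC."""
    body = struct.pack("!II", spi, seq) + iv + ciphertext
    return body + hmac.new(authkey, body, digest).digest()[:ICV_LEN]

def verify_esp(authkey, packet, digest="md5"):
    """Receiver side: recompute the HMAC over everything before the ICV.

    Returns (ok, computed, received); the last two correspond to the
    hash= and auth= fields of the "auth failed" log line.
    """
    body, received = packet[:-ICV_LEN], packet[-ICV_LEN:]
    computed = hmac.new(authkey, body, digest).digest()[:ICV_LEN]
    return hmac.compare_digest(computed, received), computed, received

# Constructed sample values; only seq, IV and the lengths come from the log.
SPI = 0x00000100                       # placeholder, the real SPI is redacted
SEQ = 32
IV = bytes.fromhex("83765cfde665f63b")
CIPHERTEXT = bytes(136)                # opaque to the check, never decrypted
PEER_AUTHKEY = bytes.fromhex("00112233445566778899aabbccddeeff")
LOCAL_TYPO_KEY = bytes.fromhex("00112233445566778899aabbccddeefe")

def scenarios():
    """Map each configuration to whether the receiver accepts the packet."""
    pkt_md5 = build_esp(PEER_AUTHKEY, SPI, SEQ, IV, CIPHERTEXT, "md5")
    pkt_sha1 = build_esp(PEER_AUTHKEY, SPI, SEQ, IV, CIPHERTEXT, "sha1")
    return {
        "same authkey, same algorithm": verify_esp(PEER_AUTHKEY, pkt_md5)[0],
        "authkey differs by one bit": verify_esp(LOCAL_TYPO_KEY, pkt_md5)[0],
        "same authkey, peer sends SHA1": verify_esp(PEER_AUTHKEY, pkt_sha1)[0],
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'accepted' if ok else 'auth failed, dropped'}")
```

The encryption key never enters this check, so in this model a wrong encryption key alone cannot produce the drop; the authentication key and the authentication algorithm configured for the SA on each side are the inputs to compare.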
