Thanks for the suggestion, but specifying transport fails too.

esp transport from 192.168.114.101 to 192.168.114.140 spi 0xdeadbeef:0xbeefdead enc blowfish \
       authkey 0x54f79f479a32814347bb768d3e01b2b58e49ce674ec6e2d327b63408c56ef4e8:0x7f48ee352c626cdc2a731b9d90bd63e29db2a9c683044b70b2f4441521b622d6 \
       enckey 0xb341aa065c3850edd6a61e150d6a5fd3:0xf7795f6bdd697a43a4d28dcf1b79


When I ping the OpenBSD box I see with tcpdump:
Feb 24 21:54:50.448210 0:c:29:6d:8e:3d 0:c:29:3f:91:94 0800 146: ah 192.168.114.140 > 192.168.114.101 spi 0xBEEFDEAD seq 18 len 112 (DF)
Feb 24 21:54:51.443803 0:c:29:6d:8e:3d 0:c:29:3f:91:94 0800 146: ah 192.168.114.140 > 192.168.114.101 spi 0xBEEFDEAD seq 19 len 112 (DF)
Feb 24 21:54:52.390025 0:c:29:6d:8e:3d 0:c:29:3f:91:94 0800 146: ah 192.168.114.140 > 192.168.114.101 spi 0xBEEFDEAD seq 20 len 112 (DF)

but get no replies (I'm not filtering at all).

On 24/02/07, Christian Weisgerber <[EMAIL PROTECTED]> wrote:
In article <[EMAIL PROTECTED]> you write:

> I'm trying to set up basic ipsec between an OpenBSD-current box and a
> Linux box using setkey, could anyone point out what I'm doing wrong
> please? I'm getting no errors from ipsecctl or setkey, below are the
> configs.

I'm not sure if that's the problem, but...

> esp from 192.168.114.101 to 192.168.114.140 spi 0xdeadbeef:0xbeefdead

.. this defaults to tunnel mode...

> spdadd 192.168.114.140 192.168.114.101 any -P out ipsec
>            esp/transport//require;
>            ah/transport//require;
>
> spdadd 192.168.114.101 192.168.114.140 any -P in ipsec
>            esp/transport//require;
>            ah/transport//require;

.. and here you seem to specify transport mode.

--
Christian "naddy" Weisgerber                          [EMAIL PROTECTED]
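
Added example, not part of the thread or of either poster's configuration: a small Python check of the point made in the reply above, comparing the mode of each manual SA rule in an OpenBSD ipsec.conf (tunnel when no mode keyword is given) with the mode named in the setkey spdadd policies for the same pair of hosts. The sample inputs are constructed from the lines quoted in the thread with the keys left out, and all function names are hypothetical.

```python
import re

# Constructed inputs modelled on the lines quoted in the thread (keys left out).
IPSEC_CONF = "esp from 192.168.114.101 to 192.168.114.140 spi 0xdeadbeef:0xbeefdead\n"
SETKEY_CONF = """\
spdadd 192.168.114.140 192.168.114.101 any -P out ipsec
           esp/transport//require;
           ah/transport//require;
spdadd 192.168.114.101 192.168.114.140 any -P in ipsec
           esp/transport//require;
           ah/transport//require;
"""

# Only the manual-SA form seen in the thread: proto [mode] from SRC to DST ...
SA_RE = re.compile(r"^\s*(esp|ah)\s+(?:(transport|tunnel)\s+)?from\s+(\S+)\s+to\s+(\S+)", re.M)
RULE_RE = re.compile(r"\b(esp|ah)/(transport|tunnel)/")

def parse_ipsec_conf(text):
    """Map (proto, host pair) -> mode for each manual SA rule."""
    sas = {}
    for proto, mode, src, dst in SA_RE.findall(text):
        # No mode keyword means tunnel mode, as the reply points out.
        sas[(proto, frozenset((src, dst)))] = mode or "tunnel"
    return sas

def parse_setkey(text):
    """Map (proto, host pair) -> set of modes named in spdadd policies."""
    policies, peers = {}, None
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) >= 3 and tokens[0] == "spdadd":
            peers = frozenset(tokens[1:3])  # one SA rule covers both directions
        for proto, mode in RULE_RE.findall(line):
            if peers is not None:
                policies.setdefault((proto, peers), set()).add(mode)
    return policies

def mode_mismatches(ipsec_conf, setkey_conf):
    """List (proto, SA mode, policy modes) where the two sides disagree."""
    sas, policies = parse_ipsec_conf(ipsec_conf), parse_setkey(setkey_conf)
    found = []
    for key in sorted(sas.keys() & policies.keys(), key=lambda k: (k[0], sorted(k[1]))):
        if policies[key] != {sas[key]}:
            found.append((key[0], sas[key], sorted(policies[key])))
    return found

if __name__ == "__main__":
    print(mode_mismatches(IPSEC_CONF, SETKEY_CONF))
    print(mode_mismatches(IPSEC_CONF.replace("esp from", "esp transport from"), SETKEY_CONF))
```

The second call, with the transport keyword added as in the follow-up message, reports no mode disagreement for the constructed input; protocols that appear on only one side are not compared.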
