Testing IPSec FreeBSD & Windows XP

[Garzon Maldonado, Jesus Javier]

Hello all:

I'm trying to build an authenticated conection between FreeBSD 4.4 (3ffe:b80:447:1::1) 
and Windows XP (3ffe:0b80:0447:0001:c558:fa8a:bfd9:9b02) using IPSec with ah protocol 
and hmac-md5 encryption algorithm. 

You can find atached the file I use for FreeBSD (WindowsXP02.txt) and the files I use 
for Windows XP (seguridad.sad, seguridad.spd and seguridad.key).

But, whe I try to make ping6 3ffe:b80:447:1::1 from WindowsXP to FreeBSD the following 
error appears at FreeBSD console.

/kernel: sum length mismatch in IPv6 AH input (16 should
be 12): packet(SPI=3001 src=3ffe:0b80:0447:0001:c558:fa8a:bfd9:9b02 
dst=3ffe:0b80:0447:0001::0001)

I've tried the same kind of conection between 2 Windows XP machines successfully.

What am I doing wrong?

Thank you in advance. 

Regards.

 Jes�s Javier Garz�n Maldonado  
 Radar, Mando y Control 
 
 Carretera Loeches, N� 9
28850 - Torrej�n de Ardoz (ESPA�A)
Tel: +34-91-626.82.68
[EMAIL PROTECTED]
www.indra.es


-----------------------------------------------------------------
Este correo electr�nico y, en su caso, cualquier fichero anexo al mismo, contiene 
informaci�n de car�cter confidencial exclusivamente dirigida a su destinatario o 
destinatarios. Queda prohibida su divulgaci�n, copia o distribuci�n a terceros sin la 
previa autorizaci�n escrita de Indra. En el caso de haber recibido este correo 
electr�nico por error, se ruega notificar inmediatamente esta circunstancia mediante 
reenv�o a la direcci�n electr�nica del remitente.
-----------------------------------------------------------------
The information in this e-mail and in any attachments is confidential and solely for 
the attention and use of the named addressee(s). You are hereby notified that any 
dissemination, distribution or copy of this communication is prohibited without the 
prior written consent of Indra. If you have received this communication in error, 
please, notify the sender by reply e-mail.
-----------------------------------------------------------------

Seguridad.key
Description: Seguridad.key

seguridad.sad
Description: seguridad.sad

seguridad.spd
Description: seguridad.spd

#               ============ ESP ============
#               |                           |
#             Host-A                        Host-B
#             3ffe:b80:447:1::1 ------------3ffe:0b80:0447:0001:c558:fa8a:bfd9:9b02

#authentication algorithm is hmac-md5 whose key is ``esto es una prueba''. 
Configuration at Host-A:

flush ah;
spdflush ;

spdadd 3ffe:b80:447:1::1[any] 3ffe:0b80:0447:0001:c558:fa8a:bfd9:9b02[any] any -P out 
ipsec
        ah/transport/3ffe:b80:447:1::1-3ffe:0b80:0447:0001:c558:fa8a:bfd9:9b02/use ;
spdadd 3ffe:0b80:0447:0001:c558:fa8a:bfd9:9b02[any] 3ffe:b80:447:1::1[any] any -P in 
ipsec
        ah/transport/3ffe:0b80:0447:0001:c558:fa8a:bfd9:9b02-3ffe:b80:447:1::1/use ;
add 3ffe:b80:447:1::1 3ffe:0b80:0447:0001:c558:fa8a:bfd9:9b02 ah 3000
        -m transport
        -A hmac-md5 "1234567890123456" ;
add 3ffe:0b80:0447:0001:c558:fa8a:bfd9:9b02 3ffe:b80:447:1::1 ah 3001
        -m transport
        -A hmac-md5 "1234567890123456" ;