
openBSD testing doubts



Hi all,


   We are working with the OpenBSD 2.9 IPsec code. We first tested manual keying
between two hosts.

   On Host A:

	sysctl -w net.inet.esp.enable=1
	sysctl -w net.inet.esp.enable=1

	ipsecadm new esp -spi 1000 -src HostA -dst HostB -forcetunnel -enc 3des -auth sha1 -key 7762d8707255d974168cbb1d274f8bed4cbd3364dd -authkey 6a20367e21c66e5a40739db293cfef2a4e6659f

	ipsecadm new esp -spi 1001 -src HostB -dst HostA -forcetunnel -enc 3des -auth sha1 -key 7762d8707255d974168cbb1d274f8bed4cbd3364dd -authkey 6a20367e21c66e5a40739db293cfef2a4e6659f

	ipsecadm flow -proto esp -dst HostB -addr HostA 255.255.255.255 HostB 255.255.255.255 -in -require

   Up to this point it works fine, but when I try to enter

	ipsecadm flow -proto esp -dst HostB -addr HostA 255.255.255.255 HostB 255.255.255.255 -out -require

   it gives a "Sendto: not permitted" error at runtime, so I deleted this
line and kept only the inbound flow on Host A.


   On Host B:

	sysctl -w net.inet.esp.enable=1
	sysctl -w net.inet.esp.enable=1

	ipsecadm new esp -spi 1001 -src HostB -dst HostA -forcetunnel -enc 3des -auth sha1 -key 7762d8707255d974168cbb1d274f8bed4cbd3364dd -authkey 6a20367e21c66e5a40739db293cfef2a4e6659f

	ipsecadm new esp -spi 1000 -src HostB -dst HostA -forcetunnel -enc 3des -auth sha1 -key 7762d8707255d974168cbb1d274f8bed4cbd3364dd -authkey 6a20367e21c66e5a40739db293cfef2a4e6659f

	ipsecadm flow -proto esp -dst HostA -addr HostA 255.255.255.255 HostB 255.255.255.255 -in -require

   Up to this point it works fine, but when I try to enter

	ipsecadm flow -proto esp -dst HostA -addr HostA 255.255.255.255 HostB 255.255.255.255 -out -require

   it gives a "Sendto: not permitted" error at runtime, so I deleted this
line and kept only the inbound flow on Host A.



After this:

   I checked both hosts with ping and tcpdump. It shows

		icmp_request
		icmp_reply

   Then I used different keys (enc and auth key) and tested between both
hosts again. It still shows

		icmp_request
		icmp_reply

   I checked both hosts using netstat -rn; it shows the correct SA details
on both sides.

   But when I checked with netstat -ss -p esp it shows only

		esp:

   and no details at all.

I don't know how we can actually find out whether manual keying is working
or not.





Note: here I set ipf.filter=NO in /etc/rc.conf, and I also enabled
forwarding (sysctl -w inet.net.forwarded.enable=1).



Expecting your reply,
thanks,
jeeva
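
Two checks a reader might run against a setup like the one in the message above, given as an added example that is not part of the original post and not OpenBSD's or ipsecadm's own code. The first checks that each manual key has the length its algorithm needs: ipsecadm expects a 192-bit (24-byte, 48 hex digit) key for 3des and a 160-bit (20-byte, 40 hex digit) key for sha1; the key strings quoted in the post are 42 and 39 hex digits long, so the check flags both. The second reads tcpdump output taken on the physical interface and counts ESP packets versus cleartext ICMP between the two hosts: with a working tunnel, ping traffic between the peers shows up only as esp, not as icmp echo request/reply. The function names are hypothetical, and the tcpdump lines are constructed to mimic the classic tcpdump text format, not captured output.

```shell
#!/bin/sh
# Added example, not code from the original post. Two checks for a
# manual-keyed ESP setup:
#   1. key lengths: 3DES needs a 24-byte (48 hex digit) key, HMAC-SHA1 a
#      20-byte (40 hex digit) key.
#   2. wire traffic: tcpdump on the physical interface must show "esp"
#      between the two hosts and no cleartext "icmp" between them.
# Function names are hypothetical; the tcpdump lines are constructed samples.

# Keys exactly as quoted in the post (42 and 39 hex digits respectively).
POST_ENC_KEY=7762d8707255d974168cbb1d274f8bed4cbd3364dd
POST_AUTH_KEY=6a20367e21c66e5a40739db293cfef2a4e6659f

# $1 = hex key string, $2 = required key length in bytes.
# Returns 0 only if the string is non-empty, pure hex and exactly that long.
hexkey_ok() {
    key=$1
    want=$(( $2 * 2 ))
    case "$key" in
        '' | *[!0-9a-fA-F]*) return 1 ;;
    esac
    [ "${#key}" -eq "$want" ]
}

# $1 = ESP encryption key (3DES), $2 = ESP authentication key (HMAC-SHA1).
# Prints one line per problem; returns 0 only if both keys fit their algorithm.
check_3des_sha1_keys() {
    rc=0
    hexkey_ok "$1" 24 || { echo "enc key: 3DES needs 48 hex digits, got ${#1}"; rc=1; }
    hexkey_ok "$2" 20 || { echo "auth key: HMAC-SHA1 needs 40 hex digits, got ${#2}"; rc=1; }
    return $rc
}

# Reads tcpdump lines on stdin; $1 and $2 are the two host addresses.
# Prints "esp=<n> cleartext=<n>" and returns 0 only if ESP packets were seen
# and no cleartext ICMP passed between the hosts in either direction.
classify_tcpdump() {
    a=$1 b=$2 esp=0 clear=0
    while IFS= read -r line; do
        case "$line" in
            *"$a > $b: esp"* | *"$b > $a: esp"*)   esp=$((esp + 1)) ;;
            *"$a > $b: icmp"* | *"$b > $a: icmp"*) clear=$((clear + 1)) ;;
        esac
    done
    echo "esp=$esp cleartext=$clear"
    [ "$esp" -gt 0 ] && [ "$clear" -eq 0 ]
}

# Constructed samples: a working tunnel (SPIs 1000/1001 as in the post, shown
# in hex) versus plain ICMP request/reply, i.e. nothing was encrypted.
SAMPLE_ESP='12:00:00.000001 10.0.0.1 > 10.0.0.2: esp spi 0x000003e8 seq 1 len 84
12:00:00.000002 10.0.0.2 > 10.0.0.1: esp spi 0x000003e9 seq 1 len 84'
SAMPLE_CLEAR='12:00:00.000001 10.0.0.1 > 10.0.0.2: icmp: echo request
12:00:00.000002 10.0.0.2 > 10.0.0.1: icmp: echo reply'

# Stand-alone demonstration.
check_3des_sha1_keys "$POST_ENC_KEY" "$POST_AUTH_KEY" || echo "key check failed"
printf '%s\n' "$SAMPLE_ESP"   | classify_tcpdump 10.0.0.1 10.0.0.2 && echo "tunnel OK"
printf '%s\n' "$SAMPLE_CLEAR" | classify_tcpdump 10.0.0.1 10.0.0.2 || echo "cleartext leak"
```

To use the second check on a live pair, pipe the output of tcpdump run on the outside interface of either host (with the two real addresses as arguments) into classify_tcpdump; a result with cleartext greater than zero means the flow did not send that traffic through the SA, whatever netstat -rn reports about the SA itself.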



