Solved

ipsec on Solaris 8

Posted on 2004-04-03
6
358 Views
Last Modified: 2013-12-27
Hi,

I am trying to setup ipsec between two Sun servers running Solaris 8. I've pretty much followed the entire documentation available on the Sun Website to set this up. However, I've not been too successful. I keep getting the following error message every time I try to ping from the second node to the primary node.

Apr  4 12:36:08 hostname ipsecah: [ID 368763 kern.error] ah_inbound_v4 : No association found, spi=0x1001 ,dst addr a502606.

Can someone throw more light on what I've not done correctly ?

Thanks
0
Comment
Question by:hbsharp
  • 3
6 Comments
 
LVL 1

Expert Comment

by:keie
ID: 10892559
Did you notify the kernel of the SPI's you are using?
 
init script contents:
      if [ -f /etc/inet/ipseckeys ] ; then
                /usr/sbin/ipseckey -f /etc/inet/ipseckeys
      f

ipseckeys contents for esp encryption:
add esp spi 0x3000 src W.X.Y.Z dst w.x.y.z\
auth_alg md5 encr_alg des \
authkey hexhexhexhexhexhexhexhexhexhexhex \
encrkey hexhexhexhexhexh
add esp spi 0x3001 src w.x.y.z dst W.X.Y.Z \
auth_alg md5 encr_alg des \
authkey hexhexhexhexhexhexhexhexhexhexhex \
encrkey hexhexhexhexhexh
0
 
LVL 1

Author Comment

by:hbsharp
ID: 10901625
I am trying to a very basic setup initially. My ipseckeys looks very similar to the one suggested by you. However, I am not using md5 as my auth_alg. I'll try out your suggestion and will update the site.

Thanks for your time.
0
 
LVL 1

Accepted Solution

by:
hbsharp earned 0 total points
ID: 11024834
Hi,

We figured out what the problem was. It was just that we were missing a couple of packages required for ipsec to work. So, if you encounter problems setting up IPSEC, please check to ensure that you have the following packages installed,

SUNWcr
SUNWcrx

Thanks
0
 
LVL 1

Author Comment

by:hbsharp
ID: 11106672
Hi Yuzh,

That woud be great. Thanks for your help.

Regards,
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello fellow BSD lovers, I've created a patch process for patching openjdk6 for BSD (FreeBSD specifically), although I tried to keep all BSD versions in mind when creating my patch. Welcome to OpenJDK6 on BSD First let me start with a little …
A metadevice consists of one or more devices (slices). It can be expanded by adding slices. Then, it can be grown to fill a larger space while the file system is in use. However, not all UNIX file systems (UFS) can be expanded this way. The conca…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now