setkey returns errors when parsing the conf file
setkey -f ./ipsec-tools.conf results in the following errors (not sure if its is a error or warning ) on a fedora 22 system
The result of line 31: (null).
The result of line 35: (null).
either setkey -D does not list the ESP info (only the AH info)
The config file I am using is
# configuration file for 192.168.100.1
#!/usr/sbin/setkey -f
# NOTE: Do not use this file if you use racoon with racoon-tool
# utility. racoon-tool will setup SAs and SPDs automatically using
# /etc/racoon/racoon-tool.conf configuration.
#
## Flush the SAD and SPD
#
flush;
spdflush;
# AH SAs using 128 bit long keys
add 192.168.1.1 192.168.1.2 ah 0x200 -A hmac-md5
0x18c799b36eaa514faaeae272491c7b6f;
add 192.168.1.2 192.168.1.1 ah 0x300 -A hmac-md5
0x828c2b388a5e33592db4581282c15e80;
# ESP SAs using 192 bit long keys (168 + 24 parity)
add 192.168.1.1 192.168.1.2 esp 0x201 -E 3des-cbc
0xa85d2661379b0f9062f7551a94f5142c8efe58867e54e42a;
add 192.168.1.2 192.168.1.1 esp 0x301 -E 3des-cbc
0x210e34450a418e88fce2e249d2722ce75e31faa67b699dd6;
## Some sample SPDs for use racoon
#
spdadd 192.168.1.1 192.168.1.2 any -P out ipsec
esp/transport//require
ah/transport//require;
spdadd 192.168.1.2 192.168.1.1 any -P in ipsec
esp/transport//require
ah/transport//require;
The line 31 corresponds to "ah/transport//require;" and 35 to "ah/transport//require;"
The same file words on another fedora 21 system
|