I am trying to set up IPsec with setkey, but after executing the following command on both machines
Code:
setkey -f /etc/ipsec.conf
they cannot ping each other, and I get the following error when trying to ping 192.168.6.86 from 192.168.6.14.
Code:
connect: No such process
If I try to ping 192.168.6.14 from 192.168.6.86, the ping just never gets a response.
Here are my ipsec.conf for each machine:
Machine 192.168.6.86
Code:
#!/usr/sbin/setkey -f
# Configuration for 192.168.1.100
# Flush the SAD and SPD
flush;
spdflush;
# Attention: Use this keys only for testing purposes!
# Generate your own keys!
# AH SAs using 128 bit long keys
#add 192.168.6.86 192.168.6.14 ah 0x200 -A hmac-md5
#0xc0291ff014dccdd03874d9e8e4cdf3e6;
#add 192.168.6.14 192.168.6.86 ah 0x300 -A hmac-md5
#0x96358c90783bbfa3d7b196ceabe0536b;
# ESP SAs using 192 bit long keys (168 + 24 parity)
add 192.168.5.86 192.168.5.14 esp 0x1000 -m transport -E aes-ctr
"ipv6readylogoaes2to1" -A hmac-sha1 "ipv6readylogsha12to1";
#0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831;
add 192.168.5.14 192.168.5.86 esp 0x2000 -m transport -E aes-ctr
"ipv6readylogoaes1to2" -A hmac-sha1 "ipv6readylogsha11to2";
#0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df;
# Security policies
spdadd 192.168.6.86 192.168.6.14 any -P out ipsec
esp/transport//require;
spdadd 192.168.6.14 192.168.6.86 any -P in ipsec
esp/transport//require;
Machine 192.168.6.14:
Code:
#!/usr/sbin/setkey -f
# Configuration for 192.168.1.100
# Flush the SAD and SPD
flush;
spdflush;
# Attention: Use this keys only for testing purposes!
# Generate your own keys!
# AH SAs using 128 bit long keys
#add 192.168.6.86 192.168.6.14 ah 0x200 -A hmac-md5
#0xc0291ff014dccdd03874d9e8e4cdf3e6;
#add 192.168.6.14 192.168.6.86 ah 0x300 -A hmac-md5
#0x96358c90783bbfa3d7b196ceabe0536b;
# ESP SAs using 192 bit long keys (168 + 24 parity)
add 192.168.5.86 192.168.5.14 esp 0x1000 -m transport -E aes-ctr
"ipv6readylogoaes2to1" -A hmac-sha1 "ipv6readylogsha12to1";
#0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831;
add 192.168.5.14 192.168.5.86 esp 0x2000 -m transport -E aes-ctr
"ipv6readylogoaes1to2" -A hmac-sha1 "ipv6readylogsha11to2";
#0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df;
# Security policies
spdadd 192.168.6.86 192.168.6.14 any -P in ipsec
esp/transport//require;
spdadd 192.168.6.14 192.168.6.86 any -P out ipsec
esp/transport//require;
If I do a
on both machines they ping each other again. I'm thinking that there is some configuration issue with my ipsec.conf files.
Does anyone know how to resolve this issue?
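A consistency check for the two files above, as an added example that is not part of the original post: with manual keying, every `spdadd` rule at level `require` needs an `add` SA with the same source, destination and protocol, and the posted SAs are keyed for 192.168.5.x while the policies cover 192.168.6.x. The function names are hypothetical, and the parser assumes host-address selectors and no `#` inside quoted keys.

```python
# Added example: cross-check setkey "spdadd" policies against "add" SAs.
# Assumes host-address selectors and no '#' inside quoted keys.

# Constructed sample: the active SA and policy statements from the post.
SAMPLE = """\
add 192.168.5.86 192.168.5.14 esp 0x1000 -m transport -E aes-ctr
"ipv6readylogoaes2to1" -A hmac-sha1 "ipv6readylogsha12to1";
add 192.168.5.14 192.168.5.86 esp 0x2000 -m transport -E aes-ctr
"ipv6readylogoaes1to2" -A hmac-sha1 "ipv6readylogsha11to2";
# Security policies
spdadd 192.168.6.86 192.168.6.14 any -P out ipsec
esp/transport//require;
spdadd 192.168.6.14 192.168.6.86 any -P in ipsec
esp/transport//require;
"""

def statements(text):
    """Drop '#' comments, then split on ';' since statements may span lines."""
    body = " ".join(line.split("#", 1)[0] for line in text.splitlines())
    return [s.split() for s in body.split(";") if s.strip()]

def missing_sas(text):
    """Return (direction, src, dst, proto) for each mandatory rule with no SA."""
    sas, missing = set(), []
    stmts = statements(text)
    for tok in stmts:
        if tok[0] == "add" and len(tok) >= 4:
            sas.add((tok[1], tok[2], tok[3]))  # SAD key: src, dst, protocol
    for tok in stmts:
        if tok[0] != "spdadd" or "-P" not in tok:
            continue
        i = tok.index("-P")
        if tok[i + 2:i + 3] != ["ipsec"]:
            continue  # "none" and "discard" policies need no SA
        for rule in tok[i + 3:]:
            proto, mode, ends, level = (rule.split("/") + [""] * 4)[:4]
            src, dst = tok[1], tok[2]  # transport: SA endpoints = selector
            if mode == "tunnel" and "-" in ends:
                src, dst = ends.split("-", 1)  # tunnel: SA endpoints = gateways
            mandatory = level == "require" or level.startswith("unique")
            if mandatory and (src, dst, proto) not in sas:
                missing.append((tok[i + 1], src, dst, proto))
    return missing

if __name__ == "__main__":
    for direction, src, dst, proto in missing_sas(SAMPLE):
        print(f"policy {direction} {src} -> {dst}: no {proto} SA in this file")
```

Running `missing_sas()` on the contents of each machine's /etc/ipsec.conf lists the policies that no SA in that file can satisfy; an empty list means every mandatory rule has a matching SA.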