On Tue, Jun 12, 2018 at 4:02 PM Patrick Lamaiziere <patf...@davenulle.org> wrote:
> Le Tue, 12 Jun 2018 14:34:47 +0200, > Patrick Lamaiziere <patf...@davenulle.org> a écrit : > > Hello > Hi Patrick, > > Well I can reproduce this problem by using setkey(8) : > > /etc/ipsec.conf > add 129.20.128.78 129.20.128.149 tcp 0x1000 -A tcp-md5 "secret"; > add 129.20.128.149 129.20.128.78 tcp 0x1000 -A tcp-md5 "secret"; > > > You can't no more use the same SPI for these 2 entries (cf the TCP MD5 examples into the setkey man page): Use TCP MD5 between two numerically specified hosts: add 10.1.10.34 10.1.10.36 tcp 0x1000 -A tcp-md5 "TCP-MD5 BGP secret" ; add 10.1.10.36 10.1.10.34 tcp 0x1001 -A tcp-md5 "TCP-MD5 BGP secret" ; Regards, Olivier _______________________________________________ freebsd-net@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"