On 2007/09/13 11:43, Jeff Simmons wrote:
> What is the proper format for entering manual keys directly into the
> ipsec.conf file?
>
> Test file ipsec.test:
>
> esp from 10.0.0.1 to 10.0.1.1 \
> spi 0x00001011:0x00001010 \
> auth hmac-sha1 enc aes \
> authkey "1234567890123456789012345678901234567890" \
> enckey "12345678901234567890123456789012" \

I think the doc is lacking here. When you use the
"spi 0x00000000:0x11111111" format to set up bidirectional flows
in one ipsec.conf rule, you need to specify one key for each spi,
separated by a ":".

See /usr/src/regress/sbin/ipsecctl/sa7.in for an example.