+ipsec_common_input: no key association found for SA
Bjoern A. Zeeb
bzeeb-lists at lists.zabbadoz.net
Mon Dec 29 22:23:21 UTC 2008
On Mon, 29 Dec 2008, Gabe wrote:
> I guess more importantly would be the ipsec configuration:
>
> spdadd 192.168.10.0/24 192.168.10.165/32 any -P in none;
> spdadd 192.168.10.165/32 192.168.10.0/24 any -P out none;
>
> spdadd 192.168.10.0/24 192.168.20.0/24 any -P out ipsec esp/tunnel/box-box2/unique;
> spdadd 192.168.20.0/24 192.168.10.0/24 any -P in ipsec esp/tunnel/box-box2/unique;
>
> "box" being the server with the error message and box2 being the server at the end, which also has this error message.
And I assume there is a typo in the spdadd lines.
1) I cannot see why you'd need the first two if the two tuples are
your entire policy.
2) For the 2nd tuple both are box-box2 but one should be box2-box (but
I assume this is a typo in the mail).
--
Bjoern A. Zeeb The greatest risk is not taking one.
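
An added example, not part of the original thread and not FreeBSD code: a small Python check for the mismatch raised in item 2, verifying that each tunnel-mode `in` policy uses the reverse of its `out` policy's endpoint pair. The function names are hypothetical, `box`/`box2` are the thread's placeholders, the corrected sample is constructed, and endpoints are assumed not to contain a `-`.

```python
import re

# spdadd <src> <dst> <upper> -P <in|out> ipsec <proto>/tunnel/<a>-<b>/<level>;
SPD_RE = re.compile(
    r"^\s*spdadd\s+(\S+)\s+(\S+)\s+\S+\s+-P\s+(in|out)\s+ipsec\s+"
    r"\w+/tunnel/([^/\s-]+)-([^/\s-]+)/[\w:]+\s*;")

# The two tunnel policies as posted in the thread.
AS_POSTED = """
spdadd 192.168.10.0/24 192.168.20.0/24 any -P out ipsec esp/tunnel/box-box2/unique;
spdadd 192.168.20.0/24 192.168.10.0/24 any -P in ipsec esp/tunnel/box-box2/unique;
"""
# Constructed: the same pair with the 'in' endpoints reversed to box2-box.
CORRECTED = AS_POSTED.replace("in ipsec esp/tunnel/box-box2",
                              "in ipsec esp/tunnel/box2-box")

def parse_tunnel_policies(conf):
    """Return (direction, src_net, dst_net, tunnel_src, tunnel_dst) per tunnel rule."""
    return [(m.group(3), m.group(1), m.group(2), m.group(4), m.group(5))
            for m in map(SPD_RE.match, conf.splitlines()) if m]

def check_mirrored(conf):
    """Report 'out' tunnel rules whose 'in' counterpart is missing or not reversed."""
    rules = parse_tunnel_policies(conf)
    problems = []
    for direction, src, dst, t_src, t_dst in rules:
        if direction != "out":
            continue
        # The matching 'in' rule has the traffic selectors swapped.
        peers = [r for r in rules if r[:3] == ("in", dst, src)]
        if not peers:
            problems.append(f"no 'in' policy for {dst} -> {src}")
        for peer in peers:
            # Its tunnel endpoints must be swapped as well.
            if peer[3:] != (t_dst, t_src):
                problems.append(
                    f"'in' policy {dst} -> {src} uses {peer[3]}-{peer[4]}, "
                    f"expected {t_dst}-{t_src}")
    return problems

if __name__ == "__main__":
    for name, conf in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(name, check_mirrored(conf) or "ok")
```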
More information about the freebsd-net mailing list