Re: ESP input: no key association found for spi

From: Gregory Carvalho (GregoryC@stcinc.com)
Date: 01/16/03

• Next message: Mike Doyle: "Help needed configuring racoon"
• Previous message: Nikolay Y. Orlyuk: "Fw: [freebsd] Re: Compiling tripwire in FreeBSD"
• In reply to: Matthias Teege: "ESP input: no key association found for spi"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 15 Jan 2003 15:17:53 -0800
From: Gregory Carvalho <GregoryC@stcinc.com>
To: Matthias Teege <matthias-fbsdsec@mteege.de>

The error indicates to me that the SPI contains no valid SPD entry for
the SADB entry.

While all your sample numbers match, I'll change them to create the
error (I just changed the first occurance of 192.168.9.11 to
192.168.9.12):

spdadd 192.168.0.0/24 0.0.0.0/0 any -P in ipsec
esp/tunnel/192.168.9.9-192.168.9.12;

bullet# setkey -DP
192.168.0.0/24[any] 0.0.0.0/0[any] any
        in ipsec
        esp/tunnel/192.168.9.9-192.168.9.11/default
        spid=73 seq=1 pid=95831
        refcnt=1

I hope this helps you find the answer.

-GCC

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Next message: Mike Doyle: "Help needed configuring racoon"
• Previous message: Nikolay Y. Orlyuk: "Fw: [freebsd] Re: Compiling tripwire in FreeBSD"
• In reply to: Matthias Teege: "ESP input: no key association found for spi"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint