- 论坛徽章:
- 0
|
各位ipsec高手,我用setkey去手动增加 SAD 和SPD, 文件如下
#!/sbin/setkey -f
flush;
spdflush;
add 3ffe:501:ffff:104:21d:fff:fe19:59fc 3ffe:501:ffff:103:20a:ebff:fe85:9e56 esp 0x1000 -m transport -E 3des-cbc "ipv6readylogo3descbc2to1" -A aes-xcbc-mac ''ipv6readaesx2to1'';
spdadd 3ffe:501:ffff:104:21d:fff:fe19:59fc 3ffe:501:ffff:103:20a:ebff:fe85:9e56 any -P in ipsec esp/transport//require;
add 3ffe:501:ffff:103:20a:ebff:fe85:9e56 3ffe:501:ffff:104:21d:fff:fe19:59fc esp 0x2000 -m transport -E 3des-cbc "ipv6readylogo3descbc2to1" -A aes-xcbc-mac "ipv6readaesx1to2";
spdadd 3ffe:501:ffff:103:20a:ebff:fe85:9e56 3ffe:501:ffff:104:21d:fff:fe19:59fc any -P out ipsec esp/transport//require;
当我执行后,总是报:
not supported at [ipv6readaesx2to1]
prase failed, line 4
但是把 aes-xcbc-mac 改为 hmac-sha1 就没有问题
请问这是哪里问题。
谢谢了!
急呀,内核编译肯定没有问题。setkey手册看了多遍了,配置应该没有问题呀。难道sysctl.conf文件要增加什么吗? 多谢了!!!!!
[ 本帖最后由 wangdx77 于 2008-11-26 09:59 编辑 ] |
|
免费注册
发表于 2008-11-26 09:57