Thanks all:
I configure the ipsec on Freebsd 7.0 :
cd /usr/src/sys/i386/conf
cp GENERIC IPSECKERNEL
ee IPSECKERNEL
option IPSEC
option IPSEC_DEBUG
device crypto
cd /usr/src
make buildkernel KERNCONF=IPSECKERNEL
make installkernel KERNCONF= IPSECKERNEL
shutdown -r now
when I setup the setkey.conf:
add ipv6-address ipv6-address esp 0x2000 -m transport -E 3des-cbc "ipv6readylogo3descbc1to2" -A hmac-sha1 "ipv6readylogsha11to2";
spdadd ipv6-address ipv6-address any -P in ipsec esp/transport//require;
add ipv6-address ipv6-address esp 0x1000 -m transport -E 3des-cbc "ipv6readylogo3descbc2to1" -A hmac-sha1 "ipv6readylogsha12to1";
spdadd ipv6-address ipv6-address any -P out ipsec esp/transport//require;
it is no problem, I can ping pass.
but when I change "-A null" in both side.
my system report:
ah_init0: no authentication key for NULL-HMAC algorithm.
key_setsaval: unable to initialize SA type 3.
if I change "-A aes-xcbc-mac " ,also have problem
could you tell me where problem is , and How can reslove the problem
 Thanks
I configure the ipsec on Freebsd 7.0 :
cd /usr/src/sys/i386/conf
cp GENERIC IPSECKERNEL
ee IPSECKERNEL
option IPSEC
option IPSEC_DEBUG
device crypto
cd /usr/src
make buildkernel KERNCONF=IPSECKERNEL
make installkernel KERNCONF= IPSECKERNEL
shutdown -r now
when I setup the setkey.conf:
add ipv6-address ipv6-address esp 0x2000 -m transport -E 3des-cbc "ipv6readylogo3descbc1to2" -A hmac-sha1 "ipv6readylogsha11to2";
spdadd ipv6-address ipv6-address any -P in ipsec esp/transport//require;
add ipv6-address ipv6-address esp 0x1000 -m transport -E 3des-cbc "ipv6readylogo3descbc2to1" -A hmac-sha1 "ipv6readylogsha12to1";
spdadd ipv6-address ipv6-address any -P out ipsec esp/transport//require;
it is no problem, I can ping pass.
but when I change "-A null" in both side.
my system report:
ah_init0: no authentication key for NULL-HMAC algorithm.
key_setsaval: unable to initialize SA type 3.
if I change "-A aes-xcbc-mac " ,also have problem
could you tell me where problem is , and How can reslove the problem
 Thanks