I want a LAN encrypted with IPsec.
This is my /etc/inet/ike/config
p1_xform
{ auth_method preshared oakley_group 5 auth_alg sha256 encr_alg aes }
p2_pfs 2
This is my /etc/inet/secret/ike.preshared
# ike.preshared on hostA, 192.168.0.21
#...
{ localidtype IP
localid 192.168.0.21
remoteidtype IP
remoteid 192.168.0.119
key *****...
}
This is my /etc/inet/ipsecinit.conf
# LAN traffic to and from this host can bypass IPsec.
{laddr 192.168.0.21 dir both} bypass {}
# Lan encrypted
{laddr 10.4.0.0/24 dir both} apply {auth_algs sha256 encr_algs aes sa shared}
Services are active
for i in ike ipsec/policy;do svcadm refresh $i; done
svcs -a|grep ipse
disabled 22:12:33 svc:/network/ipsec/manual-key:default
online 22:12:56 svc:/network/ipsec/ipsecalgs:default
online 22:50:34 svc:/network/ipsec/ike:default
online 22:50:34 svc:/network/ipsec/policy:default
Interface is active
ifconfig e1000g1
e1000g1: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 3
inet 10.4.0.1 netmask ffffff00 broadcast 10.4.0.255
ether SE:CR:ET
But nothing works, no ping, no telnet, nothing.
dmesg said
[ID 726330 kern.error] ipsec_check_global_policy: Dropping inbound secure datagram because it does not match the policy; Source 010.004.000.001, Destination 010.004.000.001.
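An added diagnostic, not code from the post above: it parses ipsecinit.conf rules of the form shown in the post and the source/destination printed by the ipsec_check_global_policy drop message (whose zero-padded octets Python's ipaddress module would otherwise reject), then reports which policy rule covers that address pair. Rule selection here is a simplified assumption (first rule whose laddr covers either end, treating dir both literally), not the kernel's actual lookup.

```python
import ipaddress
import re

# Constructed sample input, modelled on the ipsecinit.conf and dmesg line in the post.
IPSECINIT_CONF = """\
{laddr 192.168.0.21 dir both} bypass {}
{laddr 10.4.0.0/24 dir both} apply {auth_algs sha256 encr_algs aes sa shared}
"""
DMESG_LINE = ("ipsec_check_global_policy: Dropping inbound secure datagram because "
              "it does not match the policy; Source 010.004.000.001, Destination 010.004.000.001.")

RULE_RE = re.compile(r"^\{([^}]*)\}\s*(\w+)\s*\{([^}]*)\}")
DROP_RE = re.compile(r"Source\s+([\d.]+),\s+Destination\s+([\d.]+)")


def _pairs(text):
    # 'laddr 10.4.0.0/24 dir both' -> {'laddr': '10.4.0.0/24', 'dir': 'both'}
    tokens = text.split()
    return dict(zip(tokens[0::2], tokens[1::2]))


def parse_policy(conf):
    """Parse ipsecinit.conf rules into (pattern, action, properties) tuples."""
    rules = []
    for line in conf.splitlines():
        m = RULE_RE.match(line.strip())
        if m:  # comments and blank lines do not match and are skipped
            rules.append((_pairs(m.group(1)), m.group(2), _pairs(m.group(3))))
    return rules


def _addr(text):
    # The kernel prints zero-padded octets (010.004.000.001); ipaddress rejects
    # leading zeros, so normalise each octet to an int first.
    return ipaddress.ip_address(".".join(str(int(o)) for o in text.strip(".").split(".")))


def parse_drop(line):
    """Return (source, destination) from an ipsec_check_global_policy drop message."""
    m = DROP_RE.search(line)
    return (_addr(m.group(1)), _addr(m.group(2))) if m else None


def matching_rule(rules, src, dst):
    """First rule whose laddr covers either end of the packet (dir both, assumed);
    returns (action, properties) or None when no rule matches."""
    for pattern, action, props in rules:
        net = ipaddress.ip_network(pattern["laddr"], strict=False)
        if src in net or dst in net:
            return action, props
    return None
```

For the dropped 10.4.0.1 to 10.4.0.1 datagram this reports the apply rule, so the packet was expected to be protected with sha256/aes on a shared SA; comparing that against what IKE actually negotiated is the next thing to check.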