# ipsec-tools: only has ah hmac-sha1, no aes-xcbc-mac and null



## wangdx77 (Nov 25, 2008)

Thanks all: 
I configure the ipsec on Freebsd 7.0 :
   cd /usr/src/sys/i386/conf
 cp GENERIC  IPSECKERNEL
 ee IPSECKERNEL
    option IPSEC
    option IPSEC_DEBUG
    device crypto
 cd /usr/src
 make buildkernel KERNCONF=IPSECKERNEL
make installkernel KERNCONF= IPSECKERNEL
shutdown -r now

when I setup the setkey.conf:
 add ipv6-address ipv6-address esp 0x2000 -m transport -E 3des-cbc "ipv6readylogo3descbc1to2" -A hmac-sha1 "ipv6readylogsha11to2"; 

spdadd ipv6-address ipv6-address any -P in ipsec esp/transport//require; 


add ipv6-address ipv6-address esp 0x1000 -m transport -E 3des-cbc "ipv6readylogo3descbc2to1" -A hmac-sha1 "ipv6readylogsha12to1"; 

spdadd ipv6-address ipv6-address any -P out ipsec esp/transport//require;


it is no problem, I can ping pass.
but when I change "-A null" in both side.
my system report: 

ah_init0: no authentication key for NULL-HMAC algorithm.
key_setsaval: unable to initialize SA type 3.   

if I change "-A aes-xcbc-mac " ,also have problem
could you tell me where problem is , and How can reslove the problem
 ã€€Thanks


----------

