SEO

hi
I am trying to follow http://www.csh.rit.edu/~jon/text/papers/tunneling/
to setup a tunnel between two privite subnets. 192.168.1.22 and
192.168.1.33 are two opnebsd 3.4 gateways I have.

my bridgename.bridge0 configuration is
# cat /etc/bridgename.bridge0

add gif0
add xl1
#
!ipsecadm flush
!ipsecadm new esp -spi 2000 -dst 192.168.1.33 -src 192.168.1.22 -enc \
3des -auth sha1 -key d09fffc3ebaee12362d65b38068dd381df89e4961ed282b3 \
-authkey 5ee0fc2cc2197fe24417934cac6db483b53eace3
!ipsecadm new esp -spi 2001 -dst 192.168.1.22 -src 192.168.1.33 -enc \
3des -auth sha1 -key d09fffc3ebaee12362d65b38068dd381df89e4961ed282b3 \
-authkey 5ee0fc2cc2197fe24417934cac6db483b53eace3
!ipsecadm flow -dst 192.168.1.33 -out -transport etherip -require -addr\
192.168.1.22 255.255.255.255 192.168.1.33 255.255.255.255
#
up
#

I can not ping the privite subnet behind the other gateway.

# cat /kern/ipsec

Hashmask: 31, policy entries: 1
SPI = 00002000, Destination = 192.168.1.33, Sproto = 50
Established 95 seconds ago
Source = (null)
Flags (00000000) = <none>
Crypto ID: 1
xform = <IPsec ESP>
Encryption = <3DES>
Authentication = <HMAC-SHA1>
176 bytes processed by this SA
Last used 88 seconds ago
Expirations:
(none)

SPI = 00002001, Destination = 192.168.1.22, Sproto = 50
Established 95 seconds ago
Source = (null)
Flags (00000000) = <none>
Crypto ID: 2
xform = <IPsec ESP>
Encryption = <3DES>
Authentication = <HMAC-SHA1>
0 bytes processed by this SA
Expirations:
(none)
#
#
I think "Source = (null)" is the problem. Can someone tell me how to fix
this? Thank you very much.

regards.