Hans-Joerg Hoexer wrote:
please show us your config files.
On Wed, Nov 30, 2005 at 03:31:27PM +0100, martin wrote:
hi all, i use ipsec to replace wep for my wlan so the setup is pretty
simple and all and everything works. I used this page
http://www.dietlein.com/requisites/ipsec/ to get it to work and my
configs are the same as in the guide. The problem is since i switched
from 3.7 to 3.8 isakmpd fills my /var/log/messages with info that it
cant connect when my laptop if off.
Like below all around the clock.
How can i stop this the best way ? i start isakmpd in rc.conf with just ""
best regards martin
Nov 30 15:15:46 fjuttsi isakmpd[3201]: sendmsg (7, 0xcfbcab20, 0): Host
is down
Nov 30 15:15:55 fjuttsi isakmpd[3201]: sendmsg (7, 0xcfbcab20, 0): Host
is down
Nov 30 15:16:19 fjuttsi isakmpd[3201]: transport_send_messages: giving
up on exchange IPsec-ignition-soekris, no response from peer 10.10.10.9:500
Nov 30 15:18:19 fjuttsi isakmpd[3201]: transport_send_messages: giving
up on exchange IPsec-ignition-soekris, no response from peer 10.10.10.9:500
Nov 30 15:19:46 fjuttsi isakmpd[3201]: sendmsg (7, 0xcfbcab20, 0): Host
is down
Nov 30 15:19:55 fjuttsi isakmpd[3201]: sendmsg (7, 0xcfbcab20, 0): Host
is down
Nov 30 15:20:19 fjuttsi isakmpd[3201]: transport_send_messages: giving
up on exchange IPsec-ignition-soekris, no response from peer 10.10.10.9:500
----------
* Stay in touch with www.inMail24.com! Your time-proof mailbox and photoalbum
* Zoner PhotoStudio 7 - Your Photos perfect, shared, organised! www.zoner.com
mkay..
isakmpd.conf
[General]
Policy-file= /etc/isakmpd/isakmpd.policy
Retransmits= 4
Listen-On= 10.10.10.10
[Phase 1]
10.10.10.9= ISAKMP-peer-ignition
[Phase 2]
Connections= IPsec-ignition-soekris
[ISAKMP-peer-ignition]
Phase= 1
Transport= udp
Local-Address= 10.10.10.10
Address= 10.10.10.9
Configuration= Default-main-mode
Authentication= 2secret2btrue
[IPsec-ignition-soekris]
Phase= 2
ISAKMP-peer= ISAKMP-peer-ignition
Configuration= Default-quick-mode
Local-ID= Addr-fjuttsi
Remote-ID= Addr-laptop
[Addr-laptop]
ID-type= IPV4_ADDR
Address= 10.10.10.9
[Addr-fjuttsi]
ID-type= IPV4_ADDR
Address= 10.10.10.10
[Default-main-mode]
DOI= IPSEC
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA
[Default-quick-mode]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-3DES-SHA-SUITE
...isakmpd.policy...
KeyNote-Version: 2
Comment: This policy accepts ESP SAs from a remote that uses the right
password
Authorizer: "POLICY"
Licensees: "passphrase:2secret2btrue"
Conditions: app_domain == "IPsec policy" &&
esp_present == "yes" &&
esp_enc_alg == "3des" &&
esp_auth_alg == "hmac-sha" -> "true";