Re: isakmpd fills my log

Wed, 30 Nov 2005 07:06:38 -0800 

Hans-Joerg Hoexer wrote:


please show us your config files.

On Wed, Nov 30, 2005 at 03:31:27PM +0100, martin wrote:
hi all, i use ipsec to replace wep for my wlan so the setup is pretty simple and all and everything works. I used this page http://www.dietlein.com/requisites/ipsec/ to get it to work and my configs are the same as in the guide. The problem is since i switched from 3.7 to 3.8 isakmpd fills my /var/log/messages with info that it cant connect when my laptop if off. 
Like below all around the clock.
How can i stop this the best way ? i start isakmpd in rc.conf with just ""

best regards martin
Nov 30 15:15:46 fjuttsi isakmpd[3201]: sendmsg (7, 0xcfbcab20, 0): Host is down Nov 30 15:15:55 fjuttsi isakmpd[3201]: sendmsg (7, 0xcfbcab20, 0): Host is down Nov 30 15:16:19 fjuttsi isakmpd[3201]: transport_send_messages: giving up on exchange IPsec-ignition-soekris, no response from peer 10.10.10.9:500 Nov 30 15:18:19 fjuttsi isakmpd[3201]: transport_send_messages: giving up on exchange IPsec-ignition-soekris, no response from peer 10.10.10.9:500 Nov 30 15:19:46 fjuttsi isakmpd[3201]: sendmsg (7, 0xcfbcab20, 0): Host is down Nov 30 15:19:55 fjuttsi isakmpd[3201]: sendmsg (7, 0xcfbcab20, 0): Host is down Nov 30 15:20:19 fjuttsi isakmpd[3201]: transport_send_messages: giving up on exchange IPsec-ignition-soekris, no response from peer 10.10.10.9:500 




----------
* Stay in touch with www.inMail24.com! Your time-proof mailbox and photoalbum
* Zoner PhotoStudio 7 - Your Photos perfect, shared, organised! www.zoner.com




mkay..

isakmpd.conf

[General]
Policy-file=            /etc/isakmpd/isakmpd.policy
Retransmits=            4
Listen-On=              10.10.10.10

[Phase 1]
10.10.10.9=             ISAKMP-peer-ignition

[Phase 2]
Connections=            IPsec-ignition-soekris

[ISAKMP-peer-ignition]
Phase=                  1
Transport=              udp
Local-Address=          10.10.10.10
Address=                10.10.10.9
Configuration=          Default-main-mode
Authentication=         2secret2btrue

[IPsec-ignition-soekris]
Phase=                  2
ISAKMP-peer=            ISAKMP-peer-ignition
Configuration=          Default-quick-mode
Local-ID=               Addr-fjuttsi
Remote-ID=              Addr-laptop

[Addr-laptop]
ID-type=                IPV4_ADDR
Address=                10.10.10.9

[Addr-fjuttsi]
ID-type=                IPV4_ADDR
Address=                10.10.10.10

[Default-main-mode]
DOI=                    IPSEC
EXCHANGE_TYPE=          ID_PROT
Transforms=             3DES-SHA

[Default-quick-mode]
DOI=                    IPSEC
EXCHANGE_TYPE=          QUICK_MODE
Suites=                 QM-ESP-3DES-SHA-SUITE


...isakmpd.policy...

KeyNote-Version: 2
Comment: This policy accepts ESP SAs from a remote that uses the right password 
Authorizer: "POLICY"
Licensees: "passphrase:2secret2btrue"
Conditions: app_domain == "IPsec policy" &&
           esp_present == "yes" &&
           esp_enc_alg == "3des" &&
           esp_auth_alg == "hmac-sha" -> "true";

Reply via email to