On 2017-12-07 13:34, Jeremie Courreges-Anglas wrote:
On Thu, Dec 07 2017, Bernd <be...@kroenchenstadt.de> wrote:
On 2017-12-06 18:26, Jeremie Courreges-Anglas wrote:
On Wed, Dec 06 2017, Bernd <be...@kroenchenstadt.de> wrote:
[...]
As a result, the IPsec tunnel cannot be established. What did
I overlook here?
Looks like ipsec.conf(5) was not loaded, see the manpage, paragraph 4 of
DESCRIPTION.
Hi,
ipsec=YES is set in rc.conf.local:
# cat /etc/rc.conf.local
isakmpd_flags="-K"
ipsec=YES # IPsec
OK, then let's go back to your config: did you test it for validity?
ritchie ~$ cat /tmp/ipsec.conf
ike esp from any to any peer 192.0.2.1/27 \
main auth hmac-sha2-256 enc aes-256 group modp2048 \
psk "myverygoodsecretPSK"
ritchie ~$ ipsecctl -nvf /tmp/ipsec.conf
/tmp/ipsec.conf: 1: syntax error
ipsecctl: Syntax error in config file: ipsec rules not loaded
ritchie ~$
Drop the /27 and ipsecctl(8) is happy. It seems weird to specify
a netmask as a "peer", maybe you should reconsider what you're using
"peer" for.
Yes, thanks, it was indeed the netmask. Tunnel was up and running.
However, in the meanwhile our customer forced us – "due to legal
reasons" – to use Cisco equipment.
Thanks
Bernd
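The mistake in the thread is easy to make: in ipsec.conf(5) the `from` and `to` flow selectors may be networks in CIDR notation, but `peer` names the remote gateway and must be a single host address, so `peer 192.0.2.1/27` is rejected as a syntax error. `ipsecctl -nvf` is the authoritative check. The following pre-check is an added example, not OpenBSD code and not part of the thread: it joins backslash-continued lines the way the rule above is written, finds every `peer` argument in `ike` rules and flags any that carry a prefix length. The two configurations embedded in it are constructed from the thread (the broken rule and the rule with `/27` dropped); the function names are the example's own.

```python
"""Pre-check for the 'peer' argument of ipsec.conf(5) 'ike' rules.

Added example, not OpenBSD code. It does not replace 'ipsecctl -nvf';
it only catches the one error discussed in the thread: a CIDR prefix on
'peer', which must be a single host address (networks belong in the
'from'/'to' flow selectors, not in 'peer').
"""
import ipaddress
import shlex

# Constructed sample: the rule posted in the thread (syntax error) ...
BROKEN_CONF = """\
ike esp from any to any peer 192.0.2.1/27 \\
    main auth hmac-sha2-256 enc aes-256 group modp2048 \\
    psk "myverygoodsecretPSK"
"""

# ... and the same rule with the netmask dropped, as suggested in the reply.
FIXED_CONF = """\
ike esp from any to any peer 192.0.2.1 \\
    main auth hmac-sha2-256 enc aes-256 group modp2048 \\
    psk "myverygoodsecretPSK"
"""


def logical_lines(text):
    """Join backslash-continued lines and drop blank and comment lines."""
    out, buf = [], ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        stripped = buf.strip()
        if stripped and not stripped.startswith("#"):
            out.append(stripped)
        buf = ""
    if buf.strip():
        out.append(buf.strip())
    return out


def check_peers(text):
    """Return [(rule_number, message)] for every 'peer' argument in an
    'ike' rule that is not a single host address."""
    problems = []
    for n, line in enumerate(logical_lines(text), start=1):
        words = shlex.split(line)
        if not words or words[0] != "ike":
            continue
        for i, word in enumerate(words):
            if word != "peer" or i + 1 >= len(words):
                continue
            arg = words[i + 1]
            if "/" in arg:
                problems.append(
                    (n, f"peer {arg}: netmask not allowed, peer must be "
                        "a single host address (put networks in from/to)"))
                continue
            try:
                ipaddress.ip_address(arg)
            except ValueError:
                # Not an address literal; ipsecctl also accepts hostnames,
                # so this is left for 'ipsecctl -nvf' to judge.
                pass
    return problems


if __name__ == "__main__":
    for name, conf in (("broken", BROKEN_CONF), ("fixed", FIXED_CONF)):
        found = check_peers(conf)
        print(name, "->", found if found else "no peer problems")
```

Run the script before `ipsecctl -nvf /etc/ipsec.conf`; the broken rule is reported as rule 1 with the netmask message, the fixed rule passes. The check is deliberately narrow: anything it does not flag still has to pass `ipsecctl -n`, which is the only parser that matters on the box.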