---- Original message ----
>Date: Mon, 4 Dec 2006 17:16:51 -0500
>From: "Martin Gignac" <[EMAIL PROTECTED]>  
>Subject: Re: vpn difficulties  
>To: misc@openbsd.org
>
>On 12/4/06, Jacob Yocom-Piatt <[EMAIL PROTECTED]> wrote:
>
>> >if anyone knows, what is a good way to test a host 2 host VPN?  Since
>> >I'm not routing two different networks across the VPN, there is nothing
>> >easy to test like pinging a host on the other end of the tunnel.
>>
>> this is easy enough to setup using isakmpd.conf files, but i don't know how to
>> do it with ipsec.conf yet. a "rosetta stone" for such translations would be
>> nice.
>
>Isn't the first example from the following excerpt of the 'ipsec.conf'
>man page exactly this (i.e. a host 2 host VPN)?
>
>  # First between the gateway machines 192.168.3.1 and 192.168.3.2
>  # Second between the networks 10.1.1.0/24 and 10.1.2.0/24
>  ike esp from 192.168.3.1 to 192.168.3.2
>  ike esp from 10.1.1.0/24 to 10.1.2.0/24 peer 192.168.3.2
>

for simple configs this is sufficient. however, when experimenting with winxp to
openbsd ipsec, i was not able to figure out how to convert from the below
isakmpd.conf (from
http://72.14.203.104/search?q=cache:gspcrTnrOq8J:www.openbsd.cz/~pruzicka/vpn.html+ipsec+windows+xp+openbsd&hl=en&gl=us&ct=clnk&cd=4&client=firefox-a):

[General]
Retransmits             = 5
Exchange-max-time       = 120
Listen-on               = 10.0.0.1

[Phase 1]
Default                 = ISAKMP-clients

[Phase 2]
Passive-Connections     = IPSec-clients

[ISAKMP-clients]
Phase                   = 1
Transport               = udp
Configuration           = win-main-mode
Authentication          = shared_secret_password

[IPsec-clients]
Phase                   = 2
Configuration           = win-quick-mode
Local-ID                = default-route
Remote-ID               = dummy-remote

[default-route]
ID-type                 = IPV4_ADDR_SUBNET
Network                 = 0.0.0.0
Netmask                 = 0.0.0.0

[dummy-remote]
ID-type                 = IPV4_ADDR
Address                 = 0.0.0.0

[win-main-mode]
DOI                     = IPSEC
EXCHANGE_TYPE           = ID_PROT
Transforms              = 3DES-SHA-GRP2

[win-quick-mode]
DOI                     = IPSEC
EXCHANGE_TYPE           = QUICK_MODE
Suites                  = QM-ESP-3DES-SHA-SUITE

to an ipsec.conf entry. i tried a number of variations on the suggested entry in

http://marc.theaimsgroup.com/?l=openbsd-misc&m=116318344106832&w=2

to no avail.

cheers,
jake

>-Martin
>
>-- 
>"Suburbia is where the developer bulldozes out the trees, then names
>the streets after them."
>
>                                                   --Bill Vaughan
