I am currently building an OpenBSD 4.1 firewall and setting up a VPN as
well.
I've changed isakmpd_flag=NO to isakmpd_flags="" # for normal use: ""
to enable the isakmpd daemon. I've created two isakmpd-related files
in /etc/isakmpd as below. I can also see a message on the console after
restart:

starting isakmpd

Somehow I cannot find the isakmpd process running in the background when I
type the command:

ps -ax

There are two NICs on that firewall: em0 is for external 172.20.0.188
and em1 is for internal, set to 192.168.30.1

What does the problem look like? How can I load isakmpd properly?

Thanks a million!




isakmpd.conf ----------------------

[General]
Retransmits=            5
Exchange-max-time=      120
Listen-on=              172.20.0.188

[Phase 1]
default=                ISAKMP-clients

[Phase 2]
Passive-Connections=    IPsec-clients


[ISAKMP-clients]
Phase=                  1
Transport=              udp
Configuration=          SoftPK-main-mode
Authentication=         hgKfdsGFd67ds9gdmenglals98csds


[IPsec-clients]
Phase=                  2
Configuration=          SoftPK-quick-mode
Local-ID=               default-route
Remote-ID=              dummy-remote


[Net-ASGT]
ID-type=                IPV4_ADDR_SUBNET
Network=                192.168.30.0
Netmask=                255.255.255.0

[default-route]
ID-type=                IPV4_ADDR_SUBNET
Network=                0.0.0.0
Netmask=                0.0.0.0

[dummy-remote]
ID-type=                IPV4_ADDR
Address=                0.0.0.0

[Default-main-mode]
DOI=                    IPSEC
EXCHANGE_TYPE=          ID_PROT
Transforms=             3DES-SHA

[Default-quick-mode]
DOI=                    IPSEC
EXCHANGE_TYPE=          QUICK_MODE
Suites=                 QM-ESP-AES-SHA-PFS-SUITE

[SoftPK-main-mode]
DOI=                    IPSEC
EXCHANGE_TYPE=          ID_PROT
Transforms=             3DES-SHA

[SoftPK-quick-mode]
DOI=                    IPSEC
EXCHANGE_TYPE=          QUICK_MODE
Suites=                 QM-ESP-3DES-SHA-PFS-SUITE

#-----------end of file--------

isakmpd.policy --------------
KeyNote-Version: 2
Comment:        This policy accepts ESP SAs from a remote that uses the right password
Authorizer:     "POLICY"
Licensees:      "passphrase:hgKfdsGFd67ds9gdmenglals98csds"
Conditions:     app_domain == "IPsec policy" &&
                        esp_present == "yes" &&
                        esp_enc_alg != "null" &&
                        esp_auth_alg == "hmac-sha" -> "true";

#-----------end of file--------





Wilson J. Liu
Network Systems Administrator

  23 Lesmill Road, Suite 404
  Toronto, Ontario M3B 3P6, Canada
  Tel:  (416) 445-7162 x 230    Fax: (416) 445-2341
  e-mail:     [EMAIL PROTECTED]
  website:   www.bsharp.com <http://www.bsharp.com/>