this video forgets the isakmpd configuration!...
but i can configure a simple isakmpd with this:

lan---obsd------inet------roadwarrior
       |______vpn_________|

lan ip class : 192.168.1.0/24

obsd:
    int_if : 192.168.1.xyz
    ext_if : 0.0.0.0/32 (internet)

roadwarrior:
    ext_if : 0.0.0.0/32 (internet)

ok, now you configure obsd: isakmpd.conf, isakmpd.policy and ipsec.conf

isakmpd.conf:

    [General]
    Listen-on= your_ext_ip_address

    [Phase 1]
    Default= any

    [Phase 2]
    Default= any2

    [any]
    Phase= 1
    Configuration= Default-main-mode
    Authentication= your_password

    [any2]
    Phase= 2
    Configuration= Default-main-mode
    Authentication= your_password

    [Default-main-mode]
    EXCHANGE_TYPE= ID_PROT
    Transforms= AES-SHA,3DES-SHA

isakmpd.policy:

    Authorizer: "POLICY"
    Licensees: "passphrase:your_password"
    Conditions: app_domain == "IPsec policy" &&
        esp_present == "yes" &&
        esp_enc_alg == "3des" &&
        esp_auth_alg == "hmac-sha" -> "true";

ipsec.conf:

    ike dynamic from any to any \
        main auth hmac-sha1 enc 3des group modp1024 \
        quick auth hmac-sha1 enc 3des group none \
        psk your_password

ok, change the permissions on isakmpd.conf and isakmpd.policy:

    chmod 600 /etc/isakmpd/isakmpd.conf
    chmod 600 /etc/isakmpd/isakmpd.policy

and "reboot" the daemons:

    ipsecctl -f /etc/ipsec.conf

kill isakmpd and launch it in debug mode:

    isakmpd -d -DA=99

if everything works, change the rc file and reboot
this is a very poor and stupid config but it works for any "emergency" ....
bye
p.s. for the roadwarrior configuration of the "thegreenbow" vpn client, base it on the
video from www.allard.nu but change aes to 3des
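
Added example, not part of the original post: a small pre-flight script that confirms the chmod 600 step took effect and lists the parameters in the ipsec.conf "ike" rule that make this an emergency-only setup (3DES, the 1024-bit DH group, and phase 2 without PFS). The function names, the output format and the script name check.sh are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the post: pre-flight checks for the files above.
# Function names and output format are assumptions made for this example.

# Succeed only if $1 is a regular file with mode 0600, which is what the
# chmod 600 step gives isakmpd.conf and isakmpd.policy (they hold the secret).
mode_is_600() {
    perms=$(ls -ld -- "$1" 2>/dev/null | cut -c1-10)
    [ "$perms" = "-rw-------" ]
}

# Print "<phase> <keyword> <value>" for each weak parameter found in the
# "ike" rules of the ipsec.conf given as $1. read without -r joins the
# backslash-continued lines of a rule into one line.
audit_ike() {
    while read line; do
        case $line in
            "ike "*) ;;
            *) continue ;;
        esac
        set -f                      # no globbing while splitting into words
        phase=""; prev=""
        for w in $line; do
            case $w in main|quick) phase=$w ;; esac
            case "$prev $w" in
                "enc 3des")       echo "$phase enc 3des" ;;       # 64-bit block cipher
                "group modp1024") echo "$phase group modp1024" ;; # 1024-bit DH group
                "group none")     echo "$phase group none" ;;     # phase 2 without PFS
            esac
            prev=$w
        done
        set +f
    done < "$1"
}

# Usage (hypothetical script name): sh check.sh /etc/ipsec.conf
if [ "$#" -gt 0 ]; then
    audit_ike "$1"
    for f in /etc/isakmpd/isakmpd.conf /etc/isakmpd/isakmpd.policy; do
        mode_is_600 "$f" || echo "$f: mode is not 0600"
    done
fi
```
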