On Thu, Aug 16, 2007 at 06:43:34PM -0700, Steve B wrote:
> I made a few changes and did some more testing this evening.
>
> 1. I changed the /etc/ipsec.conf to bring it in line with the Greenbow
> default transforms that Hans-Joerg recommended.
>
> # cat /etc/ipsec.conf
> ike dynamic esp tunnel from any to 192.168.1.0/24 \
> main auth hmac-sha1 enc 3des group modp1024 \
> quick auth hmac-sha1 enc 3des \
> psk abc123
>
> 2. I created the basic policy file:
>
> # cat /etc/isakmpd/isakmpd.policy
> KeyNote-Version: 2
> Authorizer: "POLICY"
>
> 3. Being lazy I rebooted the server and tried starting isakmpd manually
> without the "-K". It would not start. When I tried starting it with "-dLv" I
> got the message:
>
> 180252.969043 Default check_file_secrecy_fd: not loading
> /etc/isakmpd/isakmpd.policy - too open permissions
> 180252.970281 Default policy_init: cannot read /etc/isakmpd/isakmpd.policy:
> Operation not permitted
>
> So I went back and started it with "-K".
wrong. just fix the permissions of the policy file:
chmod 600 /etc/isakmpd/isakmpd.policy
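The refusal quoted above ("too open permissions") is isakmpd's check_file_secrecy_fd declining to read a policy file that is group- or world-accessible. The following POSIX sh function, added here as an illustration and not part of the thread or of isakmpd itself, reproduces that owner-only test so an administrator can verify a file before the daemon is started; the path is a parameter and the script name is assumed. The same owner-only rule is the sensible default for any file that embeds a pre-shared key, such as the ipsec.conf shown above.

```shell
#!/bin/sh
# Added example (not isakmpd's code): mimic the owner-only permission check
# that makes isakmpd refuse /etc/isakmpd/isakmpd.policy when group/other bits
# are set. Returns 0 when the file is private to its owner, 1 otherwise.
check_file_secrecy() {
    f="$1"
    if [ ! -f "$f" ]; then
        echo "not a regular file: $f" >&2
        return 1
    fi
    # `ls -ld` is used instead of stat(1), whose flags differ between BSD and
    # GNU; the first 10 characters are the mode string, e.g. -rw-r--r--
    perms=$(ls -ld "$f" | cut -c1-10)
    # Characters 5-10 are the group and other triplets; all dashes means
    # nothing beyond the owner can read, write or execute the file.
    group_other=$(printf '%s' "$perms" | cut -c5-10)
    case "$group_other" in
        ------)
            return 0
            ;;
        *)
            echo "not loading $f - too open permissions ($perms)" >&2
            echo "fix with: chmod 600 $f" >&2
            return 1
            ;;
    esac
}

# Usage (assumed script name): sh check_secrecy.sh /etc/isakmpd/isakmpd.policy
if [ "$#" -gt 0 ]; then
    check_file_secrecy "$1" && echo "ok: $1 is owner-only"
fi
```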