On Thu, Aug 16, 2007 at 09:56:05AM +0200, Hans-Joerg Hoexer wrote:
> Can you try to run isakmpd without "-K" and use a 2 line isakmpd.policy
> like this:
> 
> KeyNote-Version: 2
> Authorizer: "POLICY"
> 
> This policy accepts anything, so this should be done only for testing.

Well, I have done such a policy, Hans:

1. ps ax | g isa

   914 ??  Is      0:00.02 isakmpd: monitor [priv] (isakmpd)
   24931 ??  I     0:00.70 isakmpd

   ; ls -la /etc/isakmpd/isakmpd.policy
   ; -rw-------  1 root  wheel  40 Aug 23 01:25 /etc/isakmpd/isakmpd.policy

2. cat /etc/ipsec.conf

   ike passive from any to 10.1.1.0/24 \
        main  auth hmac-sha1 enc 3des group modp1024 \
        quick auth hmac-sha1 enc 3des psk q1w2e3

3. ipsecctl -F -f /etc/ipsec.conf

4. No problems from the GreenBow VPN Client side:

20070823 014500 Default (SA CnxVpn1-P1) SEND phase 1 Main Mode  [SA] [VID] [VID] [VID] [VID]
20070823 014500 Default (SA CnxVpn1-P1) RECV phase 1 Main Mode  [SA] [VID] [VID] [VID] [VID] [VID]
20070823 014500 Default (SA CnxVpn1-P1) SEND phase 1 Main Mode  [KEY_EXCH] [NONCE] [NAT_D] [NAT_D]
20070823 014500 Default (SA CnxVpn1-P1) RECV phase 1 Main Mode  [KEY_EXCH] [NONCE] [NAT_D] [NAT_D]
20070823 014500 Default (SA CnxVpn1-P1) SEND phase 1 Main Mode  [HASH] [ID]
20070823 014500 Default (SA CnxVpn1-P1) RECV phase 1 Main Mode  [HASH] [ID] [NOTIFY]
20070823 014500 Default phase 1 done: initiator id 192.168.3.33, responder id 88.81.234.162
20070823 014500 Default (SA CnxVpn1-CnxVpn1-P2) SEND phase 2 Quick Mode  [HASH] [SA] [NONCE] [ID] [ID]
20070823 014500 Default (SA CnxVpn1-CnxVpn1-P2) RECV phase 2 Quick Mode  [HASH] [SA] [NONCE] [ID] [ID]
20070823 014500 Default (SA CnxVpn1-CnxVpn1-P2) SEND phase 2 Quick Mode  [HASH]
20070823 014530 Default (SA CnxVpn1-P1) SEND Informational  [HASH] [NOTIFY] type DPD_R_U_THERE
20070823 014530 Default (SA CnxVpn1-P1) RECV Informational  [HASH] [NOTIFY] type DPD_R_U_THERE_ACK
20070823 014600 Default (SA CnxVpn1-P1) SEND Informational  [HASH] [NOTIFY] type DPD_R_U_THERE
20070823 014600 Default (SA CnxVpn1-P1) RECV Informational  [HASH] [NOTIFY] type DPD_R_U_THERE_ACK

; But it is still not working for me without isakmpd.policies. ??? Thank you very much,

-- 
Sergey Prysiazhnyi
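
Added example, not part of the original thread: a small check that flags an isakmpd.policy still containing the testing-only accept-all assertion quoted above (Authorizer "POLICY" with no Licensees and no Conditions). The sample policies are constructed, the passphrase is a placeholder, and the parser assumes the usual KeyNote layout of blank-line-separated assertions with indented continuation lines.

```python
import re

# Constructed samples: the two-line testing policy quoted in the thread, and a
# restrictive policy in the style of isakmpd.policy(5) (placeholder passphrase).
ACCEPT_ALL = 'KeyNote-Version: 2\nAuthorizer: "POLICY"\n'
RESTRICTIVE = '''KeyNote-Version: 2
Comment: constructed sample
Authorizer: "POLICY"
Licensees: "passphrase:EXAMPLE-PLACEHOLDER"
Conditions: app_domain == "IPsec policy" &&
            esp_present == "yes" &&
            esp_enc_alg == "3des" -> "true";
'''

# A field starts in column 0; continuation lines start with whitespace.
FIELD = re.compile(r'^([A-Za-z][A-Za-z-]*):\s?(.*)$')

def parse_assertions(text):
    """Split a KeyNote file into assertions, each a dict of {field: value}."""
    assertions, current, last = [], {}, None
    for line in text.splitlines():
        if not line.strip():              # blank line ends the current assertion
            if current:
                assertions.append(current)
            current, last = {}, None
            continue
        m = FIELD.match(line)
        if m:                             # new "Keyword: value" field
            last = m.group(1).lower()     # keywords are case-insensitive
            current[last] = m.group(2).strip()
        elif last and line[0].isspace():  # indented continuation of last field
            current[last] += ' ' + line.strip()
        else:
            raise ValueError('unparseable line: %r' % line)
    if current:
        assertions.append(current)
    return assertions

def accept_all_assertions(text):
    """Return indexes of POLICY assertions with neither Licensees nor Conditions."""
    hits = []
    for i, a in enumerate(parse_assertions(text)):
        is_policy = a.get('authorizer', '').strip('"') == 'POLICY'
        if is_policy and not a.get('licensees') and not a.get('conditions'):
            hits.append(i)
    return hits
```

A non-empty result from `accept_all_assertions()` on the deployed policy file means the testing policy is still in place.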
