On 2016-01-03, Julian Hsiao wrote:
> On 2016-01-02 13:18:15 +, Stuart Henderson said:
>
>> See isakmpd.policy(5). It's an utter pain but it's necessary in order to
>> secure things with isakmpd.
>
> Right, I eventually figured that out by having isakmpd dump out the
>
On 2015-12-31, Julian Hsiao wrote:
> Hi,
>
> I've set up two hosts to experiment with IPsec, obsd1 (192.168.0.1) and
> obsd2 (192.168.0.2).
>
> ipsec.conf on obsd1:
>
> ike passive esp transport \
> from 192.168.0.1 to any \
> main auth hmac-sha2-256 enc aes-128 group
On 2016-01-02 13:18:15 +, Stuart Henderson said:
See isakmpd.policy(5). It's an utter pain but it's necessary in order to
secure things with isakmpd.
Right, I eventually figured that out by having isakmpd dump out the
isakmpd.conf(5) equivalent config. Turns out "ike passive [...]" is
I restart isakmpd on both hosts whenever I change ipsec.conf, and check
that ipsecctl -s sa is empty afterwards. To be sure, I just tried
rebooting both hosts--surely the SAD doesn't persist across reboot--and
I got the same results.
On 2015-12-31 07:34:25 +, Philipp Buehler said:
Am
Hi,
I've set up two hosts to experiment with IPsec, obsd1 (192.168.0.1) and
obsd2 (192.168.0.2).
ipsec.conf on obsd1:
ike passive esp transport \
from 192.168.0.1 to any \
main auth hmac-sha2-256 enc aes-128 group modp8192 \
quick auth hmac-sha2-256 enc aes-128 group modp8192 \
psk
On 31.12.2015 06:56, Julian Hsiao wrote:
How do I configure isakmpd such that phase 2 parameters must also
match on both ends in order to establish security associations?
Just a guess, but do:
echo r > /var/run/isakmpd.fifo
and look into the /var/run/isakmpd.report
My bet is, that you had a