Hi Stuart,
You are right, and I was tired :p, I hadn't seen that the source was wrong
in tcpdump.
In fact, the negotiation uses WAN src ip instead of LAN src ip. I forced
src with local A.B.C.D and then, it works!
Thanks for your advice, I need to clean my eyes ^^
Have a nice day
--
Best regards,
Hello Misc !
I have a strange problem, and Google doesn't help me.
I want to make an IPSec+GRE tunnel with OSPF. For now, OSPF over GRE is
perfectly working (ipv4+ipv6).
I have a problem with IPSec, and I don't find how to resolve it.
It's a fresh OpenBSD 5.2 image.
The error is the following:
On 2013-03-01, Loïc Blot loic.b...@unix-experience.fr wrote:
Hello Misc !
I have a strange problem, and Google doesn't help me.
I want to make an IPSec+GRE tunnel with OSPF. For now, OSPF over GRE is
perfectly working (ipv4+ipv6).
I have a problem with IPSec, and I don't find how to resolve
Thanks for the reply Stuart, but:
- It's a test network, with an offline switch
- only the two routers are on the switch, with the good VLAN connected
by one LACP trunk (for each device)
- isakmp negotiation is from the expected hosts
- the certificates are default certificates, generated by OpenBSD
On 2013/03/01 20:16, Loïc BLOT wrote:
Thanks for the reply Stuart, but:
- It's a test network, with an offline switch
- only the two routers are on the switch, with the good VLAN connected
by one LACP trunk (for each device)
- isakmp negotiation is from the expected hosts
- the certificate
Hi misc,
I've been trying to configure the following IPSec client using
certificates, but with no success. I want to use it in a roadwarrior setup:
http://www.ncp-e.com/en/vpn-szenarien-produkte/vpn-produkte/secure-entry-client.html
Of course, I'm using isakmpd on the OpenBSD side (4.3). I did
Are you expiring lifetime on bandwidth or time? Probably the defaults
of whatever transforms suite you're using.
Try manually defining it? If you expire on time, say...10 minutes, you
can tcpdump for udp 500 on either side at the expected time and watch
the renegotiation.
Maybe UDP packets are
Hey everyone
I am hoping I am posting this to the correct list
I am running an AMD 2200+ w/ 512mb of ram and all intel pro cards in my main
location.
I have 14 other locations connecting back to this 1 location and each location
creates 3 tunnels to this system as I have
3 internal network
(posted a similar message originally on the IPSec list; thought I'd post
here too)
Hey all-
I almost have a working VPN between isakmpd and a Netscreen box-- things
fail at phase 2 as the peers enter quick mode.
64.81.74.226 = isakmpd
206.14.210.146 = netscreen
00:28:11.947907
Hi,
this worked with an older isakmpd version? Is this netscreen box
some kind of appliance or just some windows software?
The general problem is, I can only test interoperability with
open source vpn solutions on standard hardware. If people need to
rely on interoperability with appliance X
On Wed, 27 Jul 2005, Hans-Joerg Hoexer wrote:
Hi,
this worked with an older isakmpd version? Is this netscreen box
some kind of appliance or just some windows software?
Nope, I've not been able to get isakmpd and the netscreen to finish phase
2. Sorry I wasn't clearer about the type of
Sent: Wednesday, July 27, 2005 2:50 AM
To: Hans-Joerg Hoexer
Cc: misc
Subject: Re: Phase 2 problem between isakmpd and Netscreen
On Wed, 27 Jul 2005, Hans-Joerg Hoexer wrote:
Hi,
this worked with an older isakmpd version? Is this netscreen box some
kind of appliance or just some windows