On Tue, Dec 05, 2006 at 07:48:26AM -0600, Ryan Corder wrote:
On Tue, 2006-12-05 at 12:06 +0900, Mathieu Sauve-Frankel wrote:
now, I got the tunnel setup just fine using just ipsec.conf. I was just
curios if there was a quick and simple way to to test traffic through
the tunnel since it
On Tue, 2006-12-05 at 12:06 +0900, Mathieu Sauve-Frankel wrote:
now, I got the tunnel setup just fine using just ipsec.conf. I was just
curios if there was a quick and simple way to to test traffic through
the tunnel since it is just a host to host configuration.
I'm curious to know why
On 12/5/06, Ryan Corder [EMAIL PROTECTED] wrote:
I never said that ping wasn't a good test...if I could use ping I would.
However, in the setup where I have two machines, A and B that have
addresses 192.168.2.5 and 192.168.2.6 respectively and an IPSec tunnel
setup as so:
A - ike esp from
On Sat, 2006-12-02 at 21:33 +0900, Mathieu Sauve-Frankel wrote:
output of '/sbin/isakmpd -SKvd' give no output on either host.
Don't use -S. It should ONLY be used when running two ipsec gateways
in failover mode with carp and sasyncd.
if anyone knows, what is a good way to test a host 2
Original message
Date: Mon, 04 Dec 2006 10:38:07 -0600
From: Ryan Corder [EMAIL PROTECTED]
Subject: Re: vpn difficulties
Cc: misc@openbsd.org
On Sat, 2006-12-02 at 21:33 +0900, Mathieu Sauve-Frankel wrote:
output of '/sbin/isakmpd -SKvd' give no output on either host.
Don't use
On 12/4/06, Jacob Yocom-Piatt [EMAIL PROTECTED] wrote:
if anyone knows, what is a good way to test a host 2 host VPN? Since
I'm not routing two different networks across the VPN, there is nothing
easy to test like pinging a host on the other end of the tunnel.
this is easy enough to setup
Original message
Date: Mon, 4 Dec 2006 17:16:51 -0500
From: Martin Gignac [EMAIL PROTECTED]
Subject: Re: vpn difficulties
To: misc@openbsd.org
On 12/4/06, Jacob Yocom-Piatt [EMAIL PROTECTED] wrote:
if anyone knows, what is a good way to test a host 2 host VPN? Since
I'm
On Mon, Dec 04, 2006 at 02:26:21PM -0600, Jacob Yocom-Piatt wrote:
this is easy enough to setup using isakmpd.conf files, but i don't know how to
do it with ipsec.conf yet. a rosetta stone for such translations would be
nice.
ipsecctl -nvf /etc/ipsec.conf will show you all of the FIFO
openbsd ipsec, i was not able to figure out how to convert from the below
isakmpd.conf (from
http://72.14.203.104/search?q=cache:gspcrTnrOq8J:www.openbsd.cz/~pruzicka/vpn.html+ipsec+windows+xp+openbsdhl=engl=usct=clnkcd=4client=firefox-a
):
try this. You probably want to try this on 4.0's
ike passive esp from any to any main auth hmac-sha1 enc 3des-cbc \
quick auth hmac-sha1 enc 3des-cbc group modp1024 \
psk sharedsecret
actually, this is more what you're looking for
ike passive esp from any to 0.0.0.0 main auth hmac-sha1 enc 3des-cbc \
quick auth hmac-sha1
On Mon, 2006-12-04 at 14:26 -0600, Jacob Yocom-Piatt wrote:
this is easy enough to setup using isakmpd.conf files, but i don't know how
to
do it with ipsec.conf yet. a rosetta stone for such translations would be
nice.
i recommend you google for an isakmpd.conf based setup that tunnels from
now, I got the tunnel setup just fine using just ipsec.conf. I was just
curios if there was a quick and simple way to to test traffic through
the tunnel since it is just a host to host configuration.
I'm curious to know why you don't think ping is a good tool to test
this with ? run ping and
output of '/sbin/isakmpd -SKvd' give no output on either host.
Don't use -S. It should ONLY be used when running two ipsec gateways
in failover mode with carp and sasyncd.
--
Mathieu Sauve-Frankel
13 matches
Mail list logo