Re: SOS! isakmpd cannot be loaded in OpenBSD properly
On 2007/06/18 13:48, Wilson Liu wrote:
> What does problem look like? How can I load isakmpd properly?

What's logged? (/var/log/daemon)
SOS! isakmpd cannot be loaded in OpenBSD properly
I am currently building an OpenBSD 4.1 firewall and setting VPN as well. I've changed isakmpd_flag=NO to isakmpd_flags=# for normal use: to enable isakmpd Daemon. I've created two isakmpd related files in /etc/isakmpd as below. I can also see a message from console after restart

starting isakmpd

Somehow I cannot find isakmpd process running in background while I typed command: ps -ax

There are two NICs on that firewall: em0 is for external 172.20.0.188 and em1 is for internal set to 192.168.30.1

What does problem look like? How can I load isakmpd properly? Thanks a million!

isakmpd.conf
--
[General]
Retransmits=5
Exchange-max-time= 120
Listen-on= 172.20.0.188

[Phase 1]
default=ISAKMP-clients

[Phase 2]
Passive-Connections=IPsec-clients

[ISAKMP-clients]
Phase= 1
Transport= udp
Configuration= SoftPK-main-mode
Authentication= hgKfdsGFd67ds9gdmenglals98csds

[IPsec-clients]
Phase= 2
Configuration= SoftPK-quick-mode
Local-ID= default-route
Remote-ID= dummy-remote

[Net-ASGT]
ID-type=IPV4_ADDR_SUBNET
Network=192.168.30.0
Netmask=255.255.255.0

[default-route]
ID-type=IPV4_ADDR_SUBNET
Network=0.0.0.0
Netmask=0.0.0.0

[dummy-remote]
ID-type=IPV4_ADDR
Address=0.0.0.0

[Default-main-mode]
DOI=IPSEC
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA

[Default-quick-mode]
DOI=IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-AES-SHA-PFS-SUITE

[SoftPK-main-mode]
DOI=IPSEC
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA

[SoftPK-quick-mode]
DOI=IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-3DES-SHA-PFS-SUITE
#---end of file

isakmpd.policy
--
KeyNote-Version: 2
Comment:This policy accepts ESP SAs from a remote that uses the right password
Authorizer: POLICY
Licensees: passphrase:hgKfdsGFd67ds9gdmenglals98csds
Conditions: app_domain == IPsec policy
            esp_present == yes
            esp_enc_alg != null
            esp_auth_alg == hmac-sha - true;
#---end of file

Wilson J. Liu
Network Systems Administrator
Re: SOS! isakmpd cannot be loaded in OpenBSD properly
Have you looked in /var/log/messages for messages? Have you run isakmpd in the foreground with debugging enabled?

isakmpd -d -DA=2
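An added example, not written by anyone in the thread: a small Python check that cross-references the section names in an isakmpd.conf-style file and reports references to undefined sections and sections that nothing points to. The tag list in `REF_TAGS`, the helper names and the trimmed sample are assumptions of this example; `Transforms` and `Suites` values are not checked because they can name isakmpd's built-in defaults.

```python
import re
# Constructed sample: section layout of the isakmpd.conf posted in the thread,
# with most tag=value lines (and the pre-shared key) left out.
SAMPLE_CONF = """\
[Phase 1]
default=ISAKMP-clients
[Phase 2]
Passive-Connections=IPsec-clients
[ISAKMP-clients]
Configuration= SoftPK-main-mode
[IPsec-clients]
Configuration= SoftPK-quick-mode
Local-ID= default-route
Remote-ID= dummy-remote
[Net-ASGT]
[default-route]
[dummy-remote]
[Default-main-mode]
[Default-quick-mode]
[SoftPK-main-mode]
[SoftPK-quick-mode]
"""

# Assumption of this example: these tags carry section names as their values.
REF_TAGS = {"Configuration", "Local-ID", "Remote-ID", "ISAKMP-peer",
            "Connections", "Passive-Connections"}
ROOTS = {"General", "Phase 1", "Phase 2"}  # entry points, never "unused"

def parse(text):
    """Return {section: [(tag, value), ...]} for [section] / tag=value text."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current and "=" in line and not line.startswith("#"):
            tag, value = line.split("=", 1)
            sections[current].append((tag.strip(), value.strip()))
    return sections

def lint(text):
    """Return (dangling references, sections that nothing refers to)."""
    sections, refs = parse(text), set()
    for name, pairs in sections.items():
        for tag, value in pairs:
            if tag in REF_TAGS or name == "Phase 1":
                refs.update(v.strip() for v in value.split(","))
    return sorted(refs - set(sections)), sorted(set(sections) - refs - ROOTS)
```

Calling `lint()` on the full text of a configuration file gives the same two lists; an empty first list only means every referenced section exists, not that the daemon will accept the file.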