Hi Tobias,
> So the error message is probably in the other side's logs but here is
> a guess: 5.6 doesn't know curve25519.
>
> Try adding the following to your iked.conf:
>
> ikesa group modp2048
Many thanks!!!
That was the issue and you saved me from pulling what I have left of hairs.
On 2020-06-16 12:32, Tobias Heider wrote:
On Fri, Jun 12, 2020 at 09:27:18PM +0200, Tobias Heider wrote:
On Fri, Jun 12, 2020 at 03:31:56PM +0200, Patrik Ragnarsson wrote:
Hi,
We have two OpenBSD machines acting as gateways for our network using
CARP and IPsec (IKEv2).
When the machines were
On Tue, Jun 16, 2020 at 08:20:59PM -0400, Daniel Ouellet wrote:
> Hi,
>
> > What I see is that the initial message is received but ignored, so this
> > side here probably runs into some kind of error.
> > To find out what exactly causes this, a more verbose log would help.
> > You could manually
Hi,
> What I see is that the initial message is received but ignored, so this
> side here probably runs into some kind of error.
> To find out what exactly causes this, a more verbose log would help.
> You could manually start iked with -dvv and share the log for an
> incoming IKE_SA_INIT request
On Tue, Jun 16, 2020 at 05:08:47PM -0400, Daniel Ouellet wrote:
> > The retransmits tell us that the peer doesn't answer. Or, to be more
> > precise, it doesn't receive *any* message from the peer. Can you have
> > a look at the peer's logs? Does the peer see these packets but chooses
> > not
On 2020-06-12, Tobias Heider wrote:
> Probably related to the following change documented in
> https://www.openbsd.org/faq/upgrade67.html:
>
> iked(8)/isakmpd(8). The type of incoming ipsec(4) flows installed by iked(8)
> or
> isakmpd(8) was changed from "use" to "require". This means
> The retransmits tell us that the peer doesn't answer. Or, to be more
> precise, it doesn't receive *any* message from the peer. Can you have
> a look at the peer's logs? Does the peer see these packets but chooses
> not to reply? Is the peer also an OpenBSD? 6.6? 6.7?
Not a big deal, but
On Tue, Jun 16, 2020 at 02:11:21PM -0400, Daniel Ouellet wrote:
>
>
> On 6/16/20 1:35 PM, Patrick Wildt wrote:
> > On Tue, Jun 16, 2020 at 01:09:32PM -0400, Daniel Ouellet wrote:
> >> Hi Tobias,
> >>
> >> I put below the full configuration and the flows as well with the 6.6
> >> binary and
Hi guys,
First of all, thanks for the amazing work you've done with 6.7!
That said, I've got the same issue here after I updated to 6.7. The VPN
keeps cutting off every 10 minutes or so. Is there any way I could fix
that ?
Here's my configuration:
local_gw="203.0.113.1"
On 6/16/20 1:35 PM, Patrick Wildt wrote:
> On Tue, Jun 16, 2020 at 01:09:32PM -0400, Daniel Ouellet wrote:
>> Hi Tobias,
>>
>> I put below the full configuration and the flows as well with the 6.6
>> binary and switch to the 6.7 binary without any other changes as well as
>> the full config.
>>
On Tue, Jun 16, 2020 at 01:09:32PM -0400, Daniel Ouellet wrote:
> Hi Tobias,
>
> I put below the full configuration and the flows as well with the 6.6
> binary and switch to the 6.7 binary without any other changes as well as
> the full config.
>
> The config may be a bit weird at first as I
Hi Tobias,
I put below the full configuration and the flows as well with the 6.6
binary and switch to the 6.7 binary without any other changes as well as
the full config.
The config may be a bit weird at first as I tunnel routable IP's over
the iked over a Verizon Fios line. You can't get
Hi,
On Tue, Jun 16, 2020 at 03:25:12PM +0200, tris...@pilat.me wrote:
> Hi guys,
>
> First of all, thanks for the amazing work you've done with 6.7!
>
> That said, I've got the same issue here after I updated to 6.7. The VPN
> keeps cutting off every 10 minutes or so. Is there any way I could
On Fri, Jun 12, 2020 at 09:27:18PM +0200, Tobias Heider wrote:
> On Fri, Jun 12, 2020 at 03:31:56PM +0200, Patrik Ragnarsson wrote:
> > Hi,
> >
> > We have two OpenBSD machines acting as gateways for our network using
> > CARP and IPsec (IKEv2).
> >
> > When the machines were running OpenBSD
Hi Daniel,
On Mon, Jun 15, 2020 at 08:04:43PM -0400, Daniel Ouellet wrote:
> > Probably related to the following change documented in
> > https://www.openbsd.org/faq/upgrade67.html:
> >
> > iked(8)/isakmpd(8). The type of incoming ipsec(4) flows installed by
> > iked(8) or
> > isakmpd(8) was
> Probably related to the following change documented in
> https://www.openbsd.org/faq/upgrade67.html:
>
> iked(8)/isakmpd(8). The type of incoming ipsec(4) flows installed by iked(8)
> or
> isakmpd(8) was changed from "use" to "require". This means unencrypted traffic
> matching the flows will
On 6/15/20 8:04 PM, Daniel Ouellet wrote:
>> Probably related to the following change documented in
>> https://www.openbsd.org/faq/upgrade67.html:
>>
>> iked(8)/isakmpd(8). The type of incoming ipsec(4) flows installed by iked(8)
>> or
>> isakmpd(8) was changed from "use" to "require". This means
On Fri, Jun 12, 2020 at 03:31:56PM +0200, Patrik Ragnarsson wrote:
> Hi,
>
> We have two OpenBSD machines acting as gateways for our network using
> CARP and IPsec (IKEv2).
>
> When the machines were running OpenBSD 6.6, from an IPSec client, you
> were able to reach the passive gateway while
18 matches
Mail list logo