
Thread: SOS! isakmpd cannot be loaded in OpenBSD properly




2007-06-18 09:02:05
I am currently building an OpenBSD 4.1 firewall and setting up VPN as
well.
I've changed isakmpd_flag=NO to

isakmpd_flags=""        # for normal use: ""

to enable the isakmpd daemon. I've created two isakmpd related files
in /etc/isakmpd as below. I can also see a message from the console
after restart:

starting isakmpd

Somehow I cannot find the isakmpd process running in the background
when I type the command:

ps -ax

There are two NICs on that firewall: em0 is for external, 172.20.0.188,
and em1 is for internal, set to 192.168.30.1.

What does the problem look like?  How can I load isakmpd properly?

Thanks a million!




isakmpd.conf ----------------------

[General]
Retransmits=            5
Exchange-max-time=      120
Listen-on=              172.20.0.188

[Phase 1]
default=                ISAKMP-clients

[Phase 2]
Passive-Connections=    IPsec-clients


[ISAKMP-clients]
Phase=                  1
Transport=              udp
Configuration=          SoftPK-main-mode
Authentication=         hgKfdsGFd67ds9gdmenglals98csds


[IPsec-clients]
Phase=                  2
Configuration=          SoftPK-quick-mode
Local-ID=               default-route
Remote-ID=              dummy-remote


[Net-ASGT]
ID-type=                IPV4_ADDR_SUBNET
Network=                192.168.30.0
Netmask=                255.255.255.0

[default-route]
ID-type=                IPV4_ADDR_SUBNET
Network=                0.0.0.0
Netmask=                0.0.0.0

[dummy-remote]
ID-type=                IPV4_ADDR
Address=                0.0.0.0

[Default-main-mode]
DOI=                    IPSEC
EXCHANGE_TYPE=          ID_PROT
Transforms=             3DES-SHA

[Default-quick-mode]
DOI=                    IPSEC
EXCHANGE_TYPE=          QUICK_MODE
Suites=                 QM-ESP-AES-SHA-PFS-SUITE

[SoftPK-main-mode]
DOI=                    IPSEC
EXCHANGE_TYPE=          ID_PROT
Transforms=             3DES-SHA

[SoftPK-quick-mode]
DOI=                    IPSEC
EXCHANGE_TYPE=          QUICK_MODE
Suites=                 QM-ESP-3DES-SHA-PFS-SUITE

#-----------end of file--------

isakmpd.policy --------------
KeyNote-Version: 2
Comment:        This policy accepts ESP SAs from a remote that uses the
                right password
Authorizer:     "POLICY"
Licensees:      "passphrase:hgKfdsGFd67ds9gdmenglals98csds"
Conditions:     app_domain == "IPsec policy" &&
                esp_present == "yes" &&
                esp_enc_alg != "null" &&
                esp_auth_alg == "hmac-sha" -> "true";

#-----------end of file--------





Wilson J. Liu
Network Systems Administrator

  23 Lesmill Road, Suite 404
  Toronto, Ontario M3B 3P6, Canada
  Tel:  (416) 445-7162 x 230    Fax: (416) 445-2341
  e-mail:     wilsonlbsharp.com
  website:   www.bsharp.com <http://www.bsharp.com/>
