login
Login / Register
Header Space

 
 

Home » Mailing list archives » openbsd-misc » 2007 » August » 22

Re: ipsec vpn?

Score:
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Sergey Prysiazhnyi <apelsin@...>
To: <misc@...>
Cc: Hans-Joerg Hoexer <Hans-Joerg.Hoexer@...>
Subject: Re: ipsec vpn?
Date: Wednesday, August 22, 2007 - 6:56 pm

On Thu, Aug 16, 2007 at 09:56:05AM +0200, Hans-Joerg Hoexer wrote:

Well done this such policy Hans:

1. ps ax | g isa

   914 ??  Is      0:00.02 isakmpd: monitor [priv] (isakmpd)
   24931 ??  I     0:00.70 isakmpd

   ; ls -la /etc/isakmpd/isakmpd.policy
   ; -rw-------  1 root  wheel  40 Aug 23 01:25 /etc/isakmpd/isakmpd.policy

2. cat /etc/ipsec.conf

   ike passive from any to 10.1.1.0/24 \
   	main  auth hmac-sha1 enc 3des group modp1024 \
	quick auth hmac-sha1 enc 3des psk q1w2e3

3. ipsecctl -F -f /etc/ipsec.conf

4. NO any problems from GreenBow VPN Client side:

20070823 014500 Default (SA CnxVpn1-P1) SEND phase 1 Main Mode  [SA] [VID] [VID] [VID] [VID]
20070823 014500 Default (SA CnxVpn1-P1) RECV phase 1 Main Mode  [SA] [VID] [VID] [VID] [VID] [VID]
20070823 014500 Default (SA CnxVpn1-P1) SEND phase 1 Main Mode  [KEY_EXCH] [NONCE] [NAT_D] [NAT_D]
20070823 014500 Default (SA CnxVpn1-P1) RECV phase 1 Main Mode  [KEY_EXCH] [NONCE] [NAT_D] [NAT_D]
20070823 014500 Default (SA CnxVpn1-P1) SEND phase 1 Main Mode  [HASH] [ID]
20070823 014500 Default (SA CnxVpn1-P1) RECV phase 1 Main Mode  [HASH] [ID] [NOTIFY]
20070823 014500 Default phase 1 done: initiator id 192.168.3.33, responder id 88.81.234.162
20070823 014500 Default (SA CnxVpn1-CnxVpn1-P2) SEND phase 2 Quick Mode  [HASH] [SA] [NONCE] [ID] [ID]
20070823 014500 Default (SA CnxVpn1-CnxVpn1-P2) RECV phase 2 Quick Mode  [HASH] [SA] [NONCE] [ID] [ID]
20070823 014500 Default (SA CnxVpn1-CnxVpn1-P2) SEND phase 2 Quick Mode  [HASH]
20070823 014530 Default (SA CnxVpn1-P1) SEND Informational  [HASH] [NOTIFY] type DPD_R_U_THERE
20070823 014530 Default (SA CnxVpn1-P1) RECV Informational  [HASH] [NOTIFY] type DPD_R_U_THERE_ACK
20070823 014600 Default (SA CnxVpn1-P1) SEND Informational  [HASH] [NOTIFY] type DPD_R_U_THERE
20070823 014600 Default (SA CnxVpn1-P1) RECV Informational  [HASH] [NOTIFY] type DPD_R_U_THERE_ACK

; But, still not working for me without isakmpd.policies. ??? Thank you very much, 

-- 
Sergey Prysiazhnyi
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
ipsec vpn?, Sergey Prysiazhnyi, (Sun Aug 12, 6:30 pm)
Re: ipsec vpn?, Hans-Joerg Hoexer, (Wed Aug 15, 4:37 pm)
Re: ipsec vpn?, Sergey Prysiazhnyi, (Wed Aug 15, 7:53 pm)
Re: ipsec vpn?, Hans-Joerg Hoexer, (Thu Aug 16, 3:56 am)
Re: ipsec vpn?, Sergey Prysiazhnyi, (Wed Aug 22, 6:56 pm)
Re: ipsec vpn?, Steve B, (Thu Aug 16, 9:43 pm)
Re: ipsec vpn?, Markus Friedl, (Fri Aug 17, 2:53 am)
Re: ipsec vpn?, Steve B, (Sat Aug 18, 4:44 pm)
Re: ipsec vpn?, Steve B, (Tue Aug 21, 12:07 am)
Re: ipsec vpn?, Steve B, (Sat Aug 18, 4:32 pm)
Re: ipsec vpn?, Hans-Joerg Hoexer, (Fri Aug 17, 2:40 am)
Re: ipsec vpn?, Hans Hoexer, (Wed Aug 15, 5:13 pm)
Re: ipsec vpn?, Steve B, (Tue Aug 14, 12:00 am)
Re: ipsec vpn?, Stuart Henderson, (Tue Aug 14, 3:49 am)

Mail archive search
Enter your search terms.
Optionally limit your search to a specific mailing list.
advanced
Colocation donated by:
Who's online
There are currently 5 users and 1174 guests online.

Online users

Syndicate
Syndicate content
© 2007 KernelTrap.  |  Powered by Drupal.  |  Legal statement.
speck-geostationary