... .com > Cc: Misc OpenBSD > Subject: Re: isakmpd -- NCP IPsec client: peer proposed > ... 1, len 248) > : > > If I setup an IPsec tunnel between 2 OpenBSD hosts, then the ... =192.168.1.249 while your windows client is sending IPV4_ADDR_SUBNET for 192.168.1 ...

openbsd-misc - Mitja Muženič - Jun 30 2008 - 03:38

... I am trying to setup an IPsec connection between OpenBSD > and WindowsXP (NCP ... : SA len: 92 DOI: 1(IPSEC) situation: IDENTITY_ONLY > payload: PROPOSAL len: 40 ... negotiation packet > sent by the NCP IPsec client on Windows. > > Anybody got an ...

openbsd-misc - Prabhu Gurumurthy - Jun 27 2008 - 13:16

... I am trying to setup an IPsec connection between OpenBSD and WindowsXP (NCP ... payload: SA len: 92 DOI: 1(IPSEC) situation: IDENTITY_ONLY payload: PROPOSAL len: 40 ... negotiation packet sent by the NCP IPsec client on Windows. Anybody got an ...

openbsd-misc - Harald Dunkel - Jun 27 2008 - 09:10

... the remote Windows laptop running NCP IPsec client.) So I doubt that this ... len 248) : If I setup an IPsec tunnel between 2 OpenBSD hosts, then ... to be fine for isakmpd. The questions are: Does NCP's IPsec client violate some RFC? Can isakmpd ...

openbsd-misc - Harald Dunkel - Jun 30 2008 - 03:17

... .168.1.249 while your > windows client is sending IPV4_ADDR_SUBNET for 192.168.1 ... > will not match. > Does NCP client violate some RFC by sending IPV4_ADDR_SUBNET ... do it. > Thats fine. AFAICS most IPsec installations will work on "real" subnets ...

openbsd-misc - Harald Dunkel - Jun 30 2008 - 05:48

Hello, can anyone please share their experience you have with this IPSEC client product, working against OpenBSD? http://www.hob.de/produkte/security/vpn.jsp So far, I was unable to test it myself ( ...

openbsd-misc - Toni Mueller - Jul 19 2007 - 06:52

... provide a possibility to assign specific PF rules to a user > or group, using IPsec for remote access. For example to exclusively > allow User A to access ... A and user B to access System B. Yes, read about tags in ipsec.conf(5) and pf.conf(5).

openbsd-misc - Stuart Henderson - May 10 2008 - 06:31

... 168.1.249/32 into IPV4_ADDR=192.168.1.249 while your >> windows client is sending IPV4_ADDR_SUBNET for 192.168.1.249/32, and this >> will not match. >> > > Does NCP client violate some RFC by sending IPV4_ADDR_SUBNET for > 192.168.1.249/ ...

openbsd-misc - Stuart Henderson - Jun 30 2008 - 07:21

Hi, Does OpenBSD provide a possibility to assign specific PF rules to a user or group, using IPsec for remote access. For example to exclusively allow User A to access System A and user B to access System B. Thx in advance. Met ...

openbsd-misc - Paul Liebregts - May 9 2008 - 18:10

PS: If I don't define any remote networks in NCP client, then it tries to send all ip traffic via esp to the OpenBSD gateway, but isakmpd whoes: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id c0a801f9: 192.168.1.249, ...

openbsd-misc - Harald Dunkel - Jun 30 2008 - 07:03

On 2008-06-30, Mitja Mu>enih wrote: > It is not a problem within isakmpd, it will accept IPV4_ADDR_SUBNET of size > /32. It would make more sense for isakmpd to treat IPV4_ADDR_SUBNET /32 and IPV4_ADDR as equivalent, otherwise I

openbsd-misc - Stuart Henderson - Jun 30 2008 - 05:46