Re: 2.8 breaks isakmpd
Kenneth Ingham wrote:
>
> On Fri, Nov 17, 2000 at 10:30:21PM -0500, Angelos D. Keromytis wrote:
>
> , I just did this, config'ed and built a new kernel, and rebooted.
> No change. I still get the Mac thinking it has an SA, the OpenBSD
> machine having no idea about it, and the
> isakmpd: pf_key_v2_write: writev (3, 0x0x118440, 6) failed: Invalid argument
> message in /var/log/messages.
>
> Kenneth
Hello,
And for a second I thought I was doing something wrong (I went over my
isakmpd.conf and the man page like a zillion times this weekend), and
I too (sigh) have this same problem.
OpenBSD 2.8-current on an i386
Windows 2000 running PGPnet 7.0 (commercial)
I CVS up'd the source after installing a snapshot. And have rebuilt the
kernel and the userland programs.
Ok, now for the problem,
Acc. to http://www.allard.nu/openbsd/, I have the isakmpd.conf and
isakmpd.policy, BUT the sysctl differs in 2.8, and the field
net.inet.ip.ipsec-acl=0 # 0=disable IPsec ingress ACL checking
is no longer present in 2.8-current. Either case, I have
net.inet.esp.enable=1 # 1=Enable the ESP IPSec protocol
net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of packets
defined in my sysctl.conf. PGPnet is installed, and an SA is created (acc.
to the PGPnet), I run isakmpd:
isakmpd -c /etc/isakmpd.conf -d
I get something like this on stderr:
isakmpd: pf_key_v2_write: writev (3, 0x0x118440, 8) failed: Invalid argument
A ping from the PGPnet machine to OpenBSD times out (and the Log window
shows xx packets sent/none received). When the PGPnet machine is pinged
from the OpenBSD box, PGPnet discards the packets, saying they are not
secured.
netstat -rn -f encap on OpenBSD shows nothing connected.
When the session from the Windows machine to the OpenBSD is started,
tcpdump shows traffic going through.
Well, I have all the debug logs from isakmpd, tcpdump, and PGPnet. If
someone wants to have a look at these, I would be happy to post these.
Thanks
//Kevin