Re: VPN and OpenBSD 2.9



On Tue, 14 Aug 2001, Victor wrote:
> > On Wed, Aug 01, 2001 at 10:19:26AM -0600, Mark Gangl wrote:
> > > /etc/isakmpd/isakmpd.policy on both gateways is:
> > > KeyNote-Version: 2
> > > Comment: This policy accepts ESP SAs from a remote that uses the right
> > > Authorizer: "POLICY"
> > > Licensees: "passphrase:whywontthiswork"
> > > Conditions: app_domain == "IPSec policy" &&
> > >             esp_present == "yes" &&
> > >             esp_enc_alg != "null" -> "true";
> > >
> >
> > On Thu, Aug 02, 2001 at 11:58:01AM +0200, Hakan Olsson wrote:
> > > Oops. The manual page should not have had _this_ as an example (it's
> > > wrong). Sorry about this.
>
> What is wrong with this policy? I don't notice any error.

That quote of mine was taken out of context. It had nothing to do with
policy.

My comment was regarding the fact that the example isakmpd configuration
supplied in the isakmpd.conf(5) manual page contained a couple of phase 2
suites that did not work together (due to differing DH groups).

/H

--
Håkan Olsson <ho@crt.se>        (+46) 708 437 337     Carlstedt Research
Unix, Networking, Security      (+46) 31 701 4264        & Technology AB