
Re: Creation of VPN is dragging - Looking to pay to complete it



Run isakmpd with the -L option and mail me (and/or the list) the 'tcpdump
-nvs1400 -r /var/run/isakmpd.pcap' output. Also include the responder's
isakmpd.conf file. If you see any isakmpd messages in /var/log/daemon,
include those as well.

Now, if you get "policy_check" warnings in /var/log/daemon, you need to
fix isakmpd.policy to permit your selected proposal(s) (3DES/SHA/DH-2
etc). Starting with the sample policy that permits everything, getting the
VPN working, and then tightening the policy is a proven method.

Otherwise, the tcpdump output will show what the initiator proposes, and
the isakmpd.conf file (phase 1 peer configuration) will say what the
responder can accept -- at least one side needs to be "corrected".

/H

On Thu, 12 Feb 2004, Steve wrote:

> Hi,
>
> I've been plugging away at creating a VPN with shared keys but I cannot find
> enough data to tell what is wrong to fix it myself. So, I'm looking to pay
> someone to walk me through to completion of a shared key setup. Then later
> a KeyNote management system.
>
> This may be done by different people for all I care. I've posted my
> isakmpd.conf files and they look fine I'm told. But I'm still getting No
> Proposal Chosen and I have flushed both sides and restarted them to no
> avail.
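
The comparison described in the reply above (what the initiator proposes against what the responder's phase 1 configuration accepts) can be done offline on the two isakmpd.conf files. The script below is an added example, not part of the original thread and not isakmpd code; it assumes every transform is defined explicitly in its own section, and the section names and both sample configurations are constructed.

```python
import configparser

# Phase 1 attributes both IKE peers must agree on before a proposal is chosen.
ATTRS = ("ENCRYPTION_ALGORITHM", "HASH_ALGORITHM",
         "AUTHENTICATION_METHOD", "GROUP_DESCRIPTION")

# Constructed sample configurations (not from the thread): the two sides
# differ only in the hash algorithm of their single phase 1 transform.
TEMPLATE = """\
[peer]
Phase= 1
Configuration= main-mode

[main-mode]
EXCHANGE_TYPE= ID_PROT
Transforms= {name}

[{name}]
ENCRYPTION_ALGORITHM= 3DES_CBC
HASH_ALGORITHM= {hash}
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
"""
INITIATOR = TEMPLATE.format(name="3DES-MD5", hash="MD5")
RESPONDER = TEMPLATE.format(name="3DES-SHA", hash="SHA")

def phase1_transforms(conf_text, peer_section):
    """Return {transform name: attribute tuple} configured for one peer."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep tag names exactly as written
    cp.read_string(conf_text)
    mode = cp[peer_section]["Configuration"]
    names = [n.strip() for n in cp[mode]["Transforms"].split(",")]
    return {n: tuple(cp[n].get(a) for a in ATTRS) for n in names}

def common_proposals(initiator, responder):
    """Attribute tuples both sides share; empty means nothing can be chosen."""
    return set(initiator.values()) & set(responder.values())

def mismatches(initiator, responder):
    """For every transform pair, the attributes whose values differ."""
    return {(i, r): [a for a, x, y in zip(ATTRS, iv, rv) if x != y]
            for i, iv in initiator.items() for r, rv in responder.items()}

if __name__ == "__main__":
    init = phase1_transforms(INITIATOR, "peer")
    resp = phase1_transforms(RESPONDER, "peer")
    print("common:", common_proposals(init, resp))
    print("differences:", mismatches(init, resp))
```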