[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Creation of VPN is dragging - Looking to pay to complete it
Run isakmpd with the -L option and mail me (and/or the list) the 'tcpdump
-nvs1400 -r /var/run/isakmpd.pcap' output. Also include the responders
isakmpd.conf file. If you see any isakmpd messages in /var/log/daemon,
include those as well.
Now, if you get "policy_check" warnings in /var/log/daemon, you need to
fix isakmpd.policy to permit your selected proposal(s) (3DES/SHA/DH-2
etc). Starting with the sample policy that permits everything, get the VPN
working, and then tightening the policy is a proven method.
Otherwise, the tcpdump output will show what the initiator proposes, and
the isakmpd.conf file (phase 1 peer configuration) will say what the
responder can accept -- at least one side needs to be "corrected".
On Thu, 12 Feb 2004, Steve wrote:
> I've been plugging away at creating a VPN with shared keys but I cannot find
> enough data to tell what is wrong to fix it myself. So, I'm looking to pay
> someone to walk me through to completion of a shared key setup. Then later
> a KeyNote management system.
> This may be done by different people for all I care. I've posted my
> isakmpd.conf files and they look fine I'm told. But I'm still getting No
> Proposal Chosen and I have flushed both sides and restarted them to no