
isakmpd and sentinel vpn client



I can successfully establish a VPN with a win2k client outside of my network,
but I am unable to see the internal network from the win2k client.  However, I can
ping the internal interface of the BSD box, and the BSD box can ping the client.

|win2k-client|-----|internet|----->|openbsd 3.1 box|-----|internal net|

My isakmpd.conf:

[Phase 1]
Default= ISAKMP-clients

[Phase 2]
Passive-Connections= IPsec-clients

[ISAKMP-clients]
Phase= 1
Configuration= Sentinel-main-mode
Authentication= mypassword

[IPsec-clients]
Phase= 2
Configuration= Sentinel-quick-mode
Local-ID= Local-net
Remote-ID= Remote-host

[Local-net]
ID-type= IPV4_ADDR_SUBNET
Network= 192.168.0.0
Netmask= 255.255.255.0

[Remote-host]
ID-type= IPV4_ADDR
Address= 0.0.0.0

[Sentinel-main-mode]
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA

[Sentinel-quick-mode]
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-3DES-SHA-SUITE

My isakmpd.policy:

Authorizer: "POLICY"
Conditions: app_domain == "IPsec policy" &&
                esp_present == "yes" &&
                esp_enc_alg != "null" -> "true";


I am using SSH Sentinel 1.3.2 on the win2k client.  I also specified a local
address in the properties of the connection, labeled "Acquire virtual IP
address".

Can somebody give me something to troubleshoot!  I can't figure it out :(  My
goal is obviously to be able to access resources on the remote network.