[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
isakmpd config problems
Folks
I am having some problems getting isakmpd to work. What I originally
decided to do was start by getting the singlehost sample setup from
/usr/src/sbin/isakmpd/samples to work, then try and extend it to two
machines then get it working across a number of machines. Unfortunately I
seem to be getting nowhere and I cant seem to see where I am going wrong.
So, I was wondering if some kind soul out there could try and help me out.
Rather than try and include everything as attachments to this mail note I
have copied all the config files and rerun the singlehost-setup.sh script
with various logging levels turned on for one of the isakmpd processes to
http://www.grole.org/isakmpd/. It anybody is willing to look at the logs
and give me some hints as to where I am going wrong I would be really
grateful. So grateful in fact, that once I get things working I would be
happy to commit to writing up the missing isakmpd section for the openbsd
faq.
OK then. I guess if you are still reading this far into the mailnote you
are interested in what exactly I have tried.
I have a system on which a manual keyed ipsec tunnel can be set up, and I
believe I have all of the appropriate options compiled into the kernel.
- The kernel config files are
http://www.grole.org/isakmpd/kernel/IPSEC.i386 from sys/arch/i386/conf
http://www.grole.org/isakmpd/kernel/IPSEC.noarch from sys/conf
The exact isakmpd config files are
singlehost-setup.sh the setup script
singlehost-east.conf conf file for eastern isakmpd
singlhost-west.conf conf file for western end
policy copied to /etc/isakmpd.policy
the log files are east.logxx where xx is the logging level
netstat_rn output from netstat -rn while singlehost is running.
netstat_ss netstat -ss output
ipsec contents of /kern/ipsec while singlehost is running
If anyone has actually read this far then THANKS! Let me know if there is
any other info you need.
Peter