Re: VPN ISAKMPD
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: VPN ISAKMPD
- From: Waldemar Brodkorb <wbx_(_at_)_openbsd_(_dot_)_de>
- Date: Sun, 28 Nov 2004 04:32:09 +0100
- Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org
- Reply-to: Waldemar Brodkorb <wbx_(_at_)_openbsd_(_dot_)_de>
Hi,
Steve Murdoch wrote,
> Thanks,
>
> I still have had no joy with this issue. I feel I am missing something
> simple but cannot identify it. I have two machines both with 3.6 that I
> am trying to set up a VPN between. The OpenBSD boxes are both behind
> Cisco routers which allow traffic to port udp 500 and protocol 50.
>
> If I am reading the output correctly, the tunnel is being established
> but I cannot ping the remote network from either side. tcpdump -i enc0
> shows no activity.
>
> I couldn't find too much information on the routing process for the VPN
> so I have directed the traffic for the remote internal network to the
> local gateway ip address. I was thinking this should be directed to enc0
> but I couldn't get this to occur.
>
> Any thoughts or feedback would be appreciated.
You do not need any static routes. Your isakmpd will manage the
routes if correctly configured.
Have you tried to ping from one gateway to one host inside the
remote lan? You only configured a VPN tunnel for traffic between the
local networks, not between the VPN gateways.
> #TAIL OF MINCH ISAKMPD -D -DA=99
Please provide not only the last lines; show us isakmpd -D -DA=40
> # HILLS_GATEWAY pf.conf
>
> HILLS_GATEWAY = "777.777.84.226/32"
> MINCH_GATEWAY = "666.666.192.45/32"
> HILLS_NETWORK = "192.168.0.0/24"
> MINCH_NETWORK = "10.0.50.0/24"
> EXTERNAL_IF= "rtl0"
^^^^^^^^^^^^^
I hope this is only a typo here and not in your real pf.conf :}
In the first step I would try to establish a VPN connection without
activated pf, to minimize the sources of errors.
bye
Waldemar
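
Added example, not part of the original message: a small Python model of the point made above, that a tunnel defined between the two local networks only carries packets whose source and destination both fall inside those networks. The two networks are taken from the quoted pf.conf; the gateway and host addresses are constructed for illustration, and the premise that a gateway's own ping may leave with its external address as source is an assumption.

```python
import ipaddress
from typing import NamedTuple

class Flow(NamedTuple):
    """One direction of a tunnel selector: source network -> destination network."""
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network

# Networks from the quoted pf.conf.
HILLS_NETWORK = ipaddress.ip_network("192.168.0.0/24")
MINCH_NETWORK = ipaddress.ip_network("10.0.50.0/24")

# Constructed addresses (assumptions, not from the thread).
HILLS_GW_EXTERNAL = "198.51.100.226"  # stand-in for the obfuscated public IP
MINCH_GW_EXTERNAL = "203.0.113.45"    # stand-in for the obfuscated public IP
HILLS_GW_INTERNAL = "192.168.0.1"     # gateway's address on its own LAN
MINCH_HOST = "10.0.50.20"             # a host inside the remote LAN

def flows_for(local, remote):
    """Selectors for a network-to-network tunnel, both directions."""
    return [Flow(local, remote), Flow(remote, local)]

def is_tunnelled(src, dst, flows):
    """True if a packet with this source/destination matches a selector."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in f.src and d in f.dst for f in flows)

def usable_sources(candidates, dst, flows):
    """Source addresses from which a test ping to dst would enter the tunnel."""
    return [a for a in candidates if is_tunnelled(a, dst, flows)]

if __name__ == "__main__":
    flows = flows_for(HILLS_NETWORK, MINCH_NETWORK)
    tests = [
        (HILLS_GW_EXTERNAL, MINCH_HOST),         # gateway pinging from its public IP
        (HILLS_GW_INTERNAL, MINCH_HOST),         # gateway pinging from its LAN IP
        (HILLS_GW_EXTERNAL, MINCH_GW_EXTERNAL),  # gateway to gateway
        (MINCH_HOST, HILLS_GW_INTERNAL),         # reply direction
    ]
    for src, dst in tests:
        verdict = "tunnelled" if is_tunnelled(src, dst, flows) else "outside the tunnel"
        print(f"{src:>15} -> {dst:<15} {verdict}")
```
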