Re: VPN ISAKMPD
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: VPN ISAKMPD
- From: Steve Murdoch <murdoch-technology_(_at_)_bigpond_(_dot_)_com>
- Date: Sun, 28 Nov 2004 16:37:51 +1100
I have disabled pf without any benefit. My testing has been from one
gateway to the internal address of the other gateway. I have tried now
to ping a device on the remote network but still from the local gateway,
still without luck. If the tunnel won't work if initiated from the
gateway then this is my problem. Is that the case?
I am using ssh to operate from the local gateway at the moment so I
can't ping from an internal w/station.
pf was a typo, sorry, slippery fingers. :)
Waldemar Brodkorb wrote:
Steve Murdoch wrote,
I still have had no joy with this issue. I feel I am missing something
simple but cannot identify it. I have two machines both with 3.6 that I
am trying to set up a VPN between. The OpenBSD boxes are both behind
Cisco routers which allow traffic to port UDP 500 and protocol 50.
If I am reading the output correctly, the tunnel is being established
but I cannot ping the remote network from either side. tcpdump -i enc0
shows no activity.
I couldn't find too much information on the routing process for the VPN
so I have directed the traffic for the remote internal network to the
local gateway IP address. I was thinking this should be directed to enc0
but I couldn't get this to occur.
Any thoughts or feedback would be appreciated.
You do not need any static routes. Your isakmpd will manage the
routes if correctly configured.
Have you tried to ping from one gateway to one host inside the
remote LAN? You only configured a VPN tunnel for traffic between the
local networks, not between the VPN gateways.
#TAIL OF MINCH ISAKMPD -D -DA=99
Please provide not only the last lines, show us isakmpd -D -DA=40
# HILLS_GATEWAY pf.conf
HILLS_GATEWAY = "777.777.84.226/32"
MINCH_GATEWAY = "666.666.192.45/32"
HILLS_NETWORK = "192.168.0.0/24"
MINCH_NETWORK = "10.0.50.0/24"
I hope this is only a typo here and not in your real pf.conf :}
In the first step I would try to establish a VPN connection without
activated pf, to minimize the sources of errors.
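The point Waldemar makes above (the flow only covers LAN-to-LAN traffic, so packets sourced from the gateway's own address never match it) is easiest to see in the isakmpd.conf Phase 2 sections. The following is an added example for the MINCH side, not a config from the thread or from the OpenBSD project; it reuses the network and gateway addresses from Steve's pf.conf macros (the 777.777.x.x / 666.666.x.x values are the thread's own placeholders, not real addresses) and assumes a pre-shared-key Phase 1 and a placeholder secret. The first connection is what the thread describes; the second adds a flow whose local ID is the gateway's own address, which is what is needed before a ping run from the gateway itself can travel through the tunnel.

```ini
# /etc/isakmpd/isakmpd.conf on the MINCH gateway (added example, not from the thread).
# Addresses are the thread's placeholders; SECRET is an assumed placeholder.

[General]
Listen-on=              666.666.192.45
Retransmits=            5
Exchange-max-time=      120

[Phase 1]
# remote gateway IP -> section describing the Phase 1 peer
777.777.84.226=         hills

[Phase 2]
# Flow 1 covers MINCH_NETWORK <-> HILLS_NETWORK (the thread's setup).
# Flow 2 covers MINCH_GATEWAY itself <-> HILLS_NETWORK, so traffic sourced
# from the gateway's own address (ping, ssh from the gateway) also matches.
Connections=            minch-net-to-hills-net,minch-gw-to-hills-net

[hills]
Phase=                  1
Transport=              udp
Address=                777.777.84.226
Configuration=          Default-main-mode
Authentication=         SECRET

[minch-net-to-hills-net]
Phase=                  2
ISAKMP-peer=            hills
Configuration=          Default-quick-mode
Local-ID=               minch-net
Remote-ID=              hills-net

[minch-gw-to-hills-net]
Phase=                  2
ISAKMP-peer=            hills
Configuration=          Default-quick-mode
Local-ID=               minch-gw
Remote-ID=              hills-net

# IDs: subnets for the LANs, a single host address for the gateway itself
[minch-net]
ID-type=                IPV4_ADDR_SUBNET
Network=                10.0.50.0
Netmask=                255.255.255.0

[hills-net]
ID-type=                IPV4_ADDR_SUBNET
Network=                192.168.0.0
Netmask=                255.255.255.0

[minch-gw]
ID-type=                IPV4_ADDR
Address=                666.666.192.45

[Default-main-mode]
DOI=                    IPSEC
EXCHANGE_TYPE=          ID_PROT
Transforms=             3DES-SHA

[Default-quick-mode]
DOI=                    IPSEC
EXCHANGE_TYPE=          QUICK_MODE
Suites=                 QM-ESP-3DES-SHA-PFS-SUITE
```

The HILLS side needs the mirror image (its own subnet and gateway address as Local-ID, the MINCH subnet and gateway as Remote-ID) or the selectors will not agree and quick mode fails. isakmpd also needs /etc/isakmpd/isakmpd.policy to exist and to permit the peer, and the secret must be identical on both ends. Once isakmpd is running, `netstat -rn -f encap` lists the flows it installed (which is why no static routes are needed), and `tcpdump -n -i enc0` should show the decapsulated packets for a ping that matches one of those flows; a ping whose source address is not covered by any flow leaves the box in the clear and never appears on enc0.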