isakmpd vpn openbsd-openbsd doesn't work at all
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: isakmpd vpn openbsd-openbsd doesn't work at all
- From: Abel Talaveron <abel_(_dot_)_talaveron_(_at_)_openwired_(_dot_)_net>
- Date: Thu, 17 Feb 2005 10:59:36 +0100
- Organization: OpenWired
Hi all,
I've achieved a perfect VPN with isakmpd and the SafeNet Windows client, but
when I try the VPN between two OpenBSD hosts, the tunnel comes up but I have some
problems. I can see all of the remote network but not my own network!! When I
do a traceroute to one of my LAN machines, the first hop is the
default gateway of the remote LAN! I think I am mixing up
the local and remote LANs somewhere, but I don't know exactly where.
Please help!!
Here are my isakmpd.conf files:
openwiredinterna isakmpd.conf:
# [Phase 1] maps a peer's IP address to the name of its ISAKMP peer section.
[Phase 1]
212.x.x.228= PEER-casacarles
# Default: peer section used for Phase 1 negotiations arriving from any
# address not listed above (here, the mobile clients).
Default= ISAKMP-clients
# [Phase 2] lists the IPsec connections isakmpd manages: Connections are
# brought up by this host, Passive-Connections are only accepted when the
# remote side initiates.
[Phase 2]
Connections= CONN-casacarles
Passive-Connections= IPsec-clients
# Phase 1 mobile client peer sections
#####################################
# Catch-all Phase 1 peer: it has no Address= key and is the section named by
# [Phase 1] Default=, so it applies to peers whose address is not listed there.
[ISAKMP-clients]
Phase= 1
Transport= udp
Configuration= Client-main-mode
# Authentication holds the pre-shared key itself (apparently redacted as
# xxxx in this post).
# NOTE(review): every unlisted peer shares this one key, so anyone holding it
# can authenticate from any address; keep this file readable by root only and
# consider per-peer keys or certificates.
Authentication= xxxx
# Phase 2 mobile client connection sections
###########################################
# IPsec connection offered to mobile clients; it is the one listed under
# [Phase 2] Passive-Connections and has no ISAKMP-peer= key of its own.
[IPsec-clients]
Phase= 2
Configuration= Client-quick-mode
# Local-ID / Remote-ID name the ID sections that describe the addresses on
# each end of the tunnel.
Local-ID= local-subnet
Remote-ID= remote-client
# Mobile client ID sections
###########################
# Network 0.0.0.0 with netmask 0.0.0.0 matches every IPv4 address.
# NOTE(review): this section is the Local-ID of both IPsec-clients and
# CONN-casacarles, so the site-to-site tunnel also advertises "any address"
# as its local side rather than this host's own LAN.
[local-subnet]
ID-type= IPV4_ADDR_SUBNET
Network= 0.0.0.0
Netmask= 0.0.0.0
# NOTE(review): ID-type IPV4_ADDR is normally paired with Address= (commented
# out below), while Network=/Netmask= belong to IPV4_ADDR_SUBNET; confirm
# which keys isakmpd actually reads for this section.
[remote-client]
ID-type= IPV4_ADDR
#Address= 0.0.0.0
Network= 0.0.0.0
Netmask= 0.0.0.0
# Mobile client modes
#####################
# Phase 1 proposal for mobile clients: ID_PROT is IKE main mode, offered with
# the 3DES-SHA transform.
# NOTE(review): 3DES (64-bit block) and SHA-1 are legacy algorithms today; if
# both peers support it, an AES-based transform is the usual hardening -
# check isakmpd.conf(5) for the names available in your release.
[Client-main-mode]
DOI= IPSEC
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA
# Phase 2 (quick mode) proposal for mobile clients.
# NOTE(review): the suite name carries no PFS marker, so presumably no new
# Diffie-Hellman exchange is done per IPsec SA - confirm.
[Client-quick-mode]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-3DES-SHA-SUITE
# Phase 1 proposal for the branch-office ("sucursal") peer; same values as
# Client-main-mode.
[Sucursal-main-mode]
DOI= IPSEC
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA
# Phase 2 proposal for the branch-office peer; same values as
# Client-quick-mode.
[Sucursal-quick-mode]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-3DES-SHA-SUITE
# Branch offices ("sucursales")
############
#PEER Section casacarles
# Phase 1 peer definition for the casacarles gateway at the address below.
[PEER-casacarles]
Phase= 1
Transport= udp
Address= 212.x.x.228
Configuration= Sucursal-main-mode
# Pre-shared key for this peer (apparently redacted in the post); it has to
# equal the key the peer configured for this host.
Authentication= xxxx
#CONNECTION SECTION casacarles
# Site-to-site IPsec connection negotiated through PEER-casacarles.
[CONN-casacarles]
Phase= 2
ISAKMP-peer= PEER-casacarles
Configuration= Sucursal-quick-mode
# NOTE(review): local-subnet is 0.0.0.0/0.0.0.0, so this tunnel is proposed
# as "any address <-> 172.16.200.0/255.255.255.0". The peer's configuration
# names 10.0.0.0/255.255.255.0 as this side's network; a dedicated Local-ID
# section with that subnet would make the two ends mirror each other and keep
# LAN-local traffic out of the tunnel. Presumably this is the cause of the
# reported routing problem - confirm before changing.
Local-ID= local-subnet
Remote-ID= ID-RemoteSubnet-casacarles
#Remote ID Section
# The LAN behind the casacarles gateway.
[ID-RemoteSubnet-casacarles]
ID-type= IPV4_ADDR_SUBNET
Network= 172.16.200.0
Netmask= 255.255.255.0
casacarles isakmpd.conf:
# [Phase 1] maps a peer's IP address to the name of its ISAKMP peer section.
[Phase 1]
81.x.x.60= PEER-openwiredinterna
# Default: peer section used for Phase 1 negotiations arriving from any
# address not listed above.
Default= ISAKMP-clients
# [Phase 2] lists the IPsec connections isakmpd manages: Connections are
# brought up by this host, Passive-Connections are only accepted when the
# remote side initiates.
[Phase 2]
Connections= CONN-openwiredinterna
Passive-Connections= IPsec-clients
# Phase 1 mobile client peer sections
#####################################
# Catch-all Phase 1 peer: it has no Address= key and is the section named by
# [Phase 1] Default=, so it applies to peers whose address is not listed there.
[ISAKMP-clients]
Phase= 1
Transport= udp
Configuration= Client-main-mode
# Authentication holds the pre-shared key itself.
# NOTE(review): the value below is not redacted in this public post, so it
# should be treated as disclosed and replaced with a long random key. Because
# this is the catch-all peer, anyone holding the key can authenticate from
# any address.
Authentication= carlesbonfill
# Phase 2 mobile client connection sections
###########################################
# IPsec connection offered to mobile clients; it is the one listed under
# [Phase 2] Passive-Connections and has no ISAKMP-peer= key of its own.
[IPsec-clients]
Phase= 2
Configuration= Client-quick-mode
# Local-ID / Remote-ID name the ID sections that describe the addresses on
# each end of the tunnel.
Local-ID= local-subnet
Remote-ID= remote-client
# Mobile client ID sections
###########################
# Network 0.0.0.0 with netmask 0.0.0.0 matches every IPv4 address.
# NOTE(review): this section is the Local-ID of both IPsec-clients and
# CONN-openwiredinterna, so the site-to-site tunnel also advertises "any
# address" as its local side rather than this host's own LAN.
[local-subnet]
ID-type= IPV4_ADDR_SUBNET
Network= 0.0.0.0
Netmask= 0.0.0.0
# NOTE(review): ID-type IPV4_ADDR is normally paired with Address= (commented
# out below), while Network=/Netmask= belong to IPV4_ADDR_SUBNET; confirm
# which keys isakmpd actually reads for this section.
[remote-client]
ID-type= IPV4_ADDR
#Address= 0.0.0.0
Network= 0.0.0.0
Netmask= 0.0.0.0
# Mobile client modes
#####################
# Phase 1 proposal for mobile clients: ID_PROT is IKE main mode, offered with
# the 3DES-SHA transform.
# NOTE(review): 3DES (64-bit block) and SHA-1 are legacy algorithms today; if
# both peers support it, an AES-based transform is the usual hardening -
# check isakmpd.conf(5) for the names available in your release.
[Client-main-mode]
DOI= IPSEC
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA
# Phase 2 (quick mode) proposal for mobile clients.
# NOTE(review): the suite name carries no PFS marker, so presumably no new
# Diffie-Hellman exchange is done per IPsec SA - confirm.
[Client-quick-mode]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-3DES-SHA-SUITE
# Phase 1 proposal for the branch-office ("sucursal") peer; same values as
# Client-main-mode.
[Sucursal-main-mode]
DOI= IPSEC
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA
# Phase 2 proposal for the branch-office peer; same values as
# Client-quick-mode.
[Sucursal-quick-mode]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-3DES-SHA-SUITE
# Branch offices ("sucursales")
############
#PEER Section openwiredinterna
# Phase 1 peer definition for the openwiredinterna gateway at the address
# below.
[PEER-openwiredinterna]
Phase= 1
Transport= udp
Address= 81.x.x.60
Configuration= Sucursal-main-mode
# Pre-shared key for this peer; it has to equal the key the peer configured
# for this host (that side's value is redacted in the post, so a match cannot
# be checked from here).
# NOTE(review): the value below is not redacted in this public post and is
# short; treat it as disclosed and replace it with a long random key on both
# gateways.
Authentication= carles
#CONNECTION SECTION openwiredinterna
# Site-to-site IPsec connection negotiated through PEER-openwiredinterna.
[CONN-openwiredinterna]
Phase= 2
ISAKMP-peer= PEER-openwiredinterna
Configuration= Sucursal-quick-mode
# NOTE(review): local-subnet is 0.0.0.0/0.0.0.0, so this tunnel is proposed
# as "any address <-> 10.0.0.0/255.255.255.0". The peer's configuration names
# 172.16.200.0/255.255.255.0 as this side's network; a dedicated Local-ID
# section with that subnet would make the two ends mirror each other and keep
# LAN-local traffic out of the tunnel. Presumably this is the cause of the
# reported routing problem - confirm before changing.
Local-ID= local-subnet
Remote-ID= ID-RemoteSubnet-openwiredinterna
#Remote ID Section
# The LAN behind the openwiredinterna gateway.
[ID-RemoteSubnet-openwiredinterna]
ID-type= IPV4_ADDR_SUBNET
Network= 10.0.0.0
Netmask= 255.255.255.0