Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Host to Host IPsec Not Working

103 views
Skip to first unread message

Eric

unread,
Oct 22, 2003, 12:00:41 AM10/22/03
to
I have a seemingly simple configuration here I'm testing for
host-to-host ipsec connectivity. Both machines are running 3.3
(x86). I've tried to follow the guide at the following URL..

<http://www.aei.ca/~pmatulis/pub/obsd_vpn/obsd_vpn.html>

The problem seems that the esp tunnels are not being built after
isakmpd comes up on both hosts. After starting up isakmpd, I see
the following

Here's the configs and output of `isakmpd -d -D A=99` -- help is appreciated.

Please note that I had to snip the output of isakmpd and only post
the output from a single host as it was too long to be sent
through the mailing list

HostA
=====

#; /etc/isakmpd/isakmpd.policy
#; File permissions: root:wheel 0600
KeyNote-Version: 2
Comment: Accept ESP SAs from a remote that uses the right password
Authorizer: "POLICY"
Licensees: "passphrase:mypassword"

#; /etc/isakmpd/isakmpd.conf
#; File permissions: root:wheel 0600

[General]
Listen-on=10.15.21.130

[Phase 1]
10.15.21.130=ISAKMP-peer-B

[Phase 2]
Connections=IPsec-AB

[ISAKMP-peer-B]
Phase=1
Transport=udp
Local-address=10.15.21.130
Address=10.15.92.52
Configuration=Default-main-mode
Authentication=mypassword

[IPsec-AB]
Phase=2
ISAKMP-peer=ISAKMP-peer-B
Configuration=Default-quick-mode

[Default-main-mode]
DOI=IPSEC
EXCHANGE_TYPE=ID_PROT
Transforms=3DES-SHA

[Default-quick-mode]
DOI=IPSEC
EXCHANGE_TYPE=QUICK_MODE
Suites=QM-ESP-AES-SHA-PFS-SUITE

HostB
=====

#; /etc/isakmpd/isakmpd.policy
#; File permissions: root:wheel 0600
KeyNote-Version: 2
Comment: Accept ESP SAs from a remote that uses the right password
Authorizer: "POLICY"
Licensees: "passphrase:mypassword"

#; /etc/isakmpd/isakmpd.conf
#; File permissions: root:wheel 0600

[General]
Listen-on=10.15.92.52

[Phase 1]
10.15.21.130=ISAMP-peer-A

[Phase 2]
Connections=IPsec-BA

[ISAKMP-peer-A]
Phase=1
Transport=udp
Local-address=10.15.92.52
Address=10.15.21.130
Configuration=Default-main-mode
Authentication=mypassword

[IPsec-BA]
Phase=2
ISAKMP-peer=ISAKMP-peer-A
Configuration=Default-quick-mode

[Default-main-mode]
DOI=IPSEC
EXCHANGE_TYPE=ID_PROT
Transforms=3DES-SHA

[Default-quick-mode]
DOI=IPSEC
EXCHANGE_TYPE=QUICK_MODE
Suites=QM-ESP-AES-SHA-PFS-SUITE

HostA# isakmpd -d -D A=99
160549.534262 Default log_debug_cmd: log level changed from 0 to 99 for class 0
160549.534508 Default log_debug_cmd: log level changed from 0 to 99 for class 1
160549.534523 Default log_debug_cmd: log level changed from 0 to 99 for class 2
160549.534535 Default log_debug_cmd: log level changed from 0 to 99 for class 3
160549.534548 Default log_debug_cmd: log level changed from 0 to 99 for class 4
160549.534560 Default log_debug_cmd: log level changed from 0 to 99 for class 5
160549.534572 Default log_debug_cmd: log level changed from 0 to 99 for class 6
160549.534585 Default log_debug_cmd: log level changed from 0 to 99 for class 7
160549.534597 Default log_debug_cmd: log level changed from 0 to 99 for class 8
160549.534609 Default log_debug_cmd: log level changed from 0 to 99 for class 9
160549.534731 Sdep 80 pf_key_v2_write: iov[0]:
160549.534757 Sdep 80 02070002 02000000 01000000 c3400000
160549.534875 Sdep 80 pf_key_v2_read: msg:
160549.534910 Sdep 80 02070002 10000000 01000000 c3400000 04000e00 00000000 0300a000 a0000000
160549.534950 Sdep 80 02008000 80000000 0800a000 a0000000 07000f00 00000000 02404000 40000000
160549.534981 Sdep 80 0340c000 c0000000 07402800 c0010000 06402800 80000000 f9405000 50000000
160549.535012 Sdep 80 0c804000 00010000 03001e00 00000000 02000000 00000000 03000000 00000000
160549.535033 Sdep 80 pf_key_v2_write: iov[0]:
160549.535054 Sdep 80 02070001 02000000 02000000 c3400000
160549.535091 Sdep 80 pf_key_v2_read: msg:
160549.535124 Sdep 80 02070001 10000000 02000000 c3400000 04000e00 00000000 0300a000 a0000000
160549.535154 Sdep 80 02008000 80000000 0800a000 a0000000 07000f00 00000000 02404000 40000000
160549.535183 Sdep 80 0340c000 c0000000 07402800 c0010000 06402800 80000000 f9405000 50000000
160549.535213 Sdep 80 0c804000 00010000 03001e00 00000000 02000000 00000000 03000000 00000000
160549.535232 Sdep 80 pf_key_v2_write: iov[0]:
160549.535253 Sdep 80 02070009 02000000 03000000 c3400000
160549.535286 Sdep 80 pf_key_v2_read: msg:
160549.535319 Sdep 80 02070009 10000000 03000000 c3400000 04000e00 00000000 0300a000 a0000000
160549.535351 Sdep 80 02008000 80000000 0800a000 a0000000 07000f00 00000000 02404000 40000000
160549.535381 Sdep 80 0340c000 c0000000 07402800 c0010000 06402800 80000000 f9405000 50000000
160549.535411 Sdep 80 0c804000 00010000 03001e00 00000000 02000000 00000000 03000000 00000000
160549.663966 Misc 90 conf_load_defaults : main mode DES-MD5-GRP1
[snip of loading lots of main mode ciphers]
160549.666523 Misc 90 conf_load_defaults : main mode CAST-SHA-RSA_SIG
160549.686030 Misc 90 conf_load_defaults : quick mode QM-AH-TRP-AES-RIPEMD-PFS-GRP5-SUITE
[snip of loading lots of quick mode ciphers]
160549.686059 Misc 90 conf_load_defaults : quick mode QM-AH-TRP-AES-RIPEMD-PFS-SUITE
160549.686133 Misc 95 conf_get_str: configuration value not found [General]:Listen-on
160549.686150 Misc 95 conf_set: [General]:Listen-on->10.15.92.52
160549.686167 Misc 95 conf_get_str: configuration value not found [Phase 1]:10.15.21.130
160549.686181 Misc 95 conf_set: [Phase 1]:10.15.21.130->ISAMP-peer-A
160549.686194 Misc 95 conf_get_str: configuration value not found [Phase 2]:Connections
160549.686208 Misc 95 conf_set: [Phase 2]:Connections->IPsec-BA
160549.686221 Misc 95 conf_get_str: configuration value not found [ISAKMP-peer-A]:Phase
160549.686235 Misc 95 conf_set: [ISAKMP-peer-A]:Phase->1
160549.686249 Misc 95 conf_get_str: configuration value not found [ISAKMP-peer-A]:Transport
160549.686263 Misc 95 conf_set: [ISAKMP-peer-A]:Transport->udp
160549.686276 Misc 95 conf_get_str: configuration value not found [ISAKMP-peer-A]:Local-address
160549.686294 Misc 95 conf_set: [ISAKMP-peer-A]:Local-address->10.15.92.52
160549.686309 Misc 95 conf_get_str: configuration value not found [ISAKMP-peer-A]:Address
160549.686324 Misc 95 conf_set: [ISAKMP-peer-A]:Address->10.15.21.130
160549.686337 Misc 95 conf_get_str: configuration value not found [ISAKMP-peer-A]:Configuration
160549.686352 Misc 95 conf_set: [ISAKMP-peer-A]:Configuration->Default-main-mode
160549.686366 Misc 95 conf_get_str: configuration value not found [ISAKMP-peer-A]:Authentication
160549.686381 Misc 95 conf_set: [ISAKMP-peer-A]:Authentication->mypassword
160549.686394 Misc 95 conf_get_str: configuration value not found [IPsec-BA]:Phase
160549.686408 Misc 95 conf_set: [IPsec-BA]:Phase->2
160549.686421 Misc 95 conf_get_str: configuration value not found [IPsec-BA]:ISAKMP-peer
160549.686435 Misc 95 conf_set: [IPsec-BA]:ISAKMP-peer->ISAKMP-peer-A
160549.686448 Misc 95 conf_get_str: configuration value not found [IPsec-BA]:Configuration
160549.686463 Misc 95 conf_set: [IPsec-BA]:Configuration->Default-quick-mode
160549.686491 Misc 95 conf_get_str: configuration value not found [Default-main-mode]:DOI
160549.686507 Misc 95 conf_set: [Default-main-mode]:DOI->IPSEC
160549.686520 Misc 95 conf_get_str: configuration value not found [Default-main-mode]:EXCHANGE_TYPE
160549.686535 Misc 95 conf_set: [Default-main-mode]:EXCHANGE_TYPE->ID_PROT
160549.686548 Misc 95 conf_get_str: configuration value not found [Default-main-mode]:Transforms
160549.686563 Misc 95 conf_set: [Default-main-mode]:Transforms->3DES-SHA
160549.686576 Misc 95 conf_get_str: configuration value not found [Default-quick-mode]:DOI
160549.686591 Misc 95 conf_set: [Default-quick-mode]:DOI->IPSEC
160549.686604 Misc 95 conf_get_str: configuration value not found [Default-quick-mode]:EXCHANGE_TYPE
160549.686619 Misc 95 conf_set: [Default-quick-mode]:EXCHANGE_TYPE->QUICK_MODE
160549.686632 Misc 95 conf_get_str: configuration value not found [Default-quick-mode]:Suites
160549.686647 Misc 95 conf_set: [Default-quick-mode]:Suites->QM-ESP-AES-SHA-PFS-SUITE
160549.686664 Misc 95 conf_get_str: configuration value not found [General]:Retransmits
160549.686679 Misc 95 conf_set: [General]:Retransmits->3
160549.686692 Misc 95 conf_get_str: configuration value not found [General]:Exchange-max-time
160549.686707 Misc 95 conf_set: [General]:Exchange-max-time->120
160549.686720 Misc 95 conf_get_str: configuration value not found [General]:Policy-file
160549.686735 Misc 95 conf_set: [General]:Policy-file->/etc/isakmpd/isakmpd.policy
160549.686748 Misc 95 conf_get_str: configuration value not found [X509-certificates]:CA-directory
160549.686763 Misc 95 conf_set: [X509-certificates]:CA-directory->/etc/isakmpd/ca/
160549.686777 Misc 95 conf_get_str: configuration value not found [X509-certificates]:Cert-directory
160549.686792 Misc 95 conf_set: [X509-certificates]:Cert-directory->/etc/isakmpd/certs/
160549.686805 Misc 95 conf_get_str: configuration value not found [X509-certificates]:Private-key
160549.686820 Misc 95 conf_set: [X509-certificates]:Private-key->/etc/isakmpd/private/local.key
160549.686837 Misc 95 conf_get_str: configuration value not found [X509-certificates]:CRL-directory
160549.686852 Misc 95 conf_set: [X509-certificates]:CRL-directory->/etc/isakmpd/crls/
160549.686865 Misc 95 conf_get_str: configuration value not found [KeyNote]:Credential-directory
160549.686879 Misc 95 conf_set: [KeyNote]:Credential-directory->/etc/isakmpd/keynote/
160549.686892 Misc 95 conf_get_str: configuration value not found [LIFE_MAIN_MODE]:LIFE_TYPE
160549.686907 Misc 95 conf_set: [LIFE_MAIN_MODE]:LIFE_TYPE->SECONDS
160549.686920 Misc 95 conf_get_str: configuration value not found [LIFE_MAIN_MODE]:LIFE_DURATION
160549.686935 Misc 95 conf_set: [LIFE_MAIN_MODE]:LIFE_DURATION->3600,60:86400
160549.686948 Misc 95 conf_get_str: configuration value not found [LIFE_QUICK_MODE]:LIFE_TYPE
160549.686962 Misc 95 conf_set: [LIFE_QUICK_MODE]:LIFE_TYPE->SECONDS
160549.686975 Misc 95 conf_get_str: configuration value not found [LIFE_QUICK_MODE]:LIFE_DURATION
160549.686992 Misc 95 conf_set: [LIFE_QUICK_MODE]:LIFE_DURATION->1200,60:86400
160549.687005 Misc 95 conf_get_str: configuration value not found [Default-phase-1-configuration]:EXCHANGE_TYPE
160549.687020 Misc 95 conf_set: [Default-phase-1-configuration]:EXCHANGE_TYPE->ID_PROT
160549.687034 Misc 95 conf_get_str: configuration value not found [Default-phase-1-configuration]:Transforms
160549.687049 Misc 95 conf_set: [Default-phase-1-configuration]:Transforms->3DES-SHA-RSA_SIG
160549.687062 Misc 95 conf_get_str: configuration value not found [DES-MD5-GRP1]:ENCRYPTION_ALGORITHM
160549.687077 Misc 95 conf_set: [DES-MD5-GRP1]:ENCRYPTION_ALGORITHM->DES_CBC
160549.687090 Misc 95 conf_get_str: configuration value not found [DES-MD5-GRP1]:HASH_ALGORITHM
160549.687104 Misc 95 conf_set: [DES-MD5-GRP1]:HASH_ALGORITHM->MD5
160549.687118 Misc 95 conf_get_str: configuration value not found [DES-MD5-GRP1]:AUTHENTICATION_METHOD
160549.687133 Misc 95 conf_set: [DES-MD5-GRP1]:AUTHENTICATION_METHOD->PRE_SHARED
160549.687151 Misc 95 conf_get_str: configuration value not found [DES-MD5-GRP1]:GROUP_DESCRIPTION
160549.687166 Misc 95 conf_set: [DES-MD5-GRP1]:GROUP_DESCRIPTION->MODP_768
160549.687180 Misc 95 conf_get_str: configuration value not found [DES-MD5-GRP1]:Life

[snip]

160549.844824 Misc 95 conf_set: [QM-AH-TRP-AES-RIPEMD-PFS-XF]:Life->LIFE_QUICK_MODE
160549.844846 Misc 95 conf_get_str: [Phase 2]:Connections->IPsec-BA
160549.844871 Timr 10 timer_add_event: event connection_checker(0x1ba9e0) added last, expiration in 0s
160549.844891 Misc 95 conf_get_str: configuration value not found [IPsec-BA]:Flags
160549.844908 Misc 95 conf_get_str: configuration value not found [IPsec-BA]:Local-ID
160549.844923 Default connection_record_passive: "Local-ID" is missing from section [IPsec-BA]
160549.844937 Default connection_init: could not record connection "IPsec-BA"
160549.844951 Misc 95 conf_get_str: configuration value not found [Phase 2]:Passive-Connections
160549.844996 Plcy 30 policy_init: initializing
160549.845016 Misc 95 conf_get_str: [General]:Policy-file->/etc/isakmpd/isakmpd.policy
160549.845244 Misc 95 conf_get_str: [X509-certificates]:CA-directory->/etc/isakmpd/ca/
160549.845286 Cryp 40 x509_read_from_dir: reading certs from /etc/isakmpd/ca/
160549.861028 Misc 95 conf_get_str: [X509-certificates]:Cert-directory->/etc/isakmpd/certs/
160549.861053 Cryp 40 x509_read_from_dir: reading certs from /etc/isakmpd/certs/
160549.861172 Misc 95 conf_get_str: [X509-certificates]:CRL-directory->/etc/isakmpd/crls/
160549.861191 Cryp 40 x509_read_crls_from_dir: reading CRLs from /etc/isakmpd/crls/
160549.861309 Cryp 10 x509_read_crls_from_dir: opendir ("/etc/isakmpd/crls/") failed: No such file or directory
160549.861326 Default x509_crl_init: x509_read_from_dir failed
160549.861499 Misc 95 conf_get_str: [General]:Listen-on->10.15.92.52
160549.861567 Misc 95 conf_get_str: [General]:Listen-on->10.15.92.52
160549.861607 Misc 95 conf_get_str: [General]:Listen-on->10.15.92.52
160549.861647 Misc 95 conf_get_str: [General]:Listen-on->10.15.92.52
160549.861687 Misc 95 conf_get_str: [General]:Listen-on->10.15.92.52
160549.861727 Misc 95 conf_get_str: [General]:Listen-on->10.15.92.52
160549.861768 Misc 95 conf_get_str: [General]:Listen-on->10.15.92.52
160549.861808 Misc 95 conf_get_str: [General]:Listen-on->10.15.92.52
160549.861870 Trpt 70 transport_add: adding 0x11c180
160549.861887 Trpt 95 transport_reference: transport 0x11c180 now has 1 references
160549.861922 Trpt 70 transport_add: adding 0x11c1c0
160549.861938 Trpt 95 transport_reference: transport 0x11c1c0 now has 1 references
160549.861975 Trpt 70 transport_add: adding 0x11c200
160549.861991 Trpt 95 transport_reference: transport 0x11c200 now has 1 references
160549.888171 Timr 10 timer_handle_expirations: event connection_checker(0x1ba9e0)
160549.888210 Misc 95 conf_get_str: configuration value not found [General]:check-interval
160549.888229 Timr 10 timer_add_event: event connection_checker(0x1ba9e0) added last, expiration in 60s
160549.888256 SA 90 sa_find: no SA matched query
160549.888272 Sdep 70 pf_key_v2_connection_check: SA for IPsec-BA missing
160549.888290 Misc 95 conf_get_str: [IPsec-BA]:Phase->2
160549.888308 Misc 95 conf_get_str: [IPsec-BA]:ISAKMP-peer->ISAKMP-peer-A
160549.888322 SA 90 sa_find: no SA matched query
160549.888341 Misc 95 conf_get_str: [ISAKMP-peer-A]:Phase->1
160549.888356 Misc 95 conf_get_str: [ISAKMP-peer-A]:Phase->1
160549.888373 Misc 95 conf_get_str: [ISAKMP-peer-A]:Transport->udp
160549.888390 Misc 95 conf_get_str: configuration value not found [ISAKMP-peer-A]:Port
160549.888405 Misc 95 conf_get_str: [ISAKMP-peer-A]:Address->10.15.21.130
160549.888433 Misc 95 conf_get_str: [ISAKMP-peer-A]:Local-address->10.15.92.52
160549.888457 Trpt 70 transport_add: adding 0x11c240
160549.888482 Misc 95 conf_get_str: [ISAKMP-peer-A]:Configuration->Default-main-mode
160549.888504 Misc 95 conf_get_str: [Default-main-mode]:DOI->IPSEC
160549.888520 Misc 95 conf_get_str: [Default-main-mode]:EXCHANGE_TYPE->ID_PROT
160549.888543 Misc 95 conf_get_str: [General]:Exchange-max-time->120
160549.888562 Timr 10 timer_add_event: event exchange_free_aux(0x119700) added last, expiration in 120s
160549.888578 Misc 95 conf_get_str: [ISAKMP-peer-A]:Configuration->Default-main-mode
160549.888595 Misc 95 conf_get_str: configuration value not found [ISAKMP-peer-A]:Flags
160549.888610 Cryp 60 hash_get: requested algorithm 1
160549.888733 Exch 10 exchange_establish_p1: 0x119700 ISAKMP-peer-A Default-main-mode policy initiator phase 1 doi 1 exchange 2 step 0
160549.888754 Exch 10 exchange_establish_p1: icookie 8ae9dce3029a0ef7 rcookie 0000000000000000
160549.888768 Exch 10 exchange_establish_p1: msgid 00000000
160549.888793 Trpt 95 transport_reference: transport 0x11c240 now has 1 references
160549.888807 Mesg 90 message_alloc: allocated 0x119800
160549.888829 SA 80 sa_reference: SA 0x119900 now has 1 references
160549.888843 SA 70 sa_enter: SA 0x119900 added to SA list
160549.888857 SA 80 sa_reference: SA 0x119900 now has 2 references
160549.888899 SA 60 sa_create: sa 0x119900 phase 1 added to exchange 0x119700 (ISAKMP-peer-A)
160549.888915 SA 80 sa_reference: SA 0x119900 now has 3 references
160549.888950 Misc 95 conf_get_str: [Default-main-mode]:Transforms->3DES-SHA
160549.888977 Misc 95 conf_get_str: [3DES-SHA]:ENCRYPTION_ALGORITHM->3DES_CBC
160549.888994 Misc 95 conf_get_str: [3DES-SHA]:HASH_ALGORITHM->SHA
160549.889010 Misc 95 conf_get_str: [3DES-SHA]:AUTHENTICATION_METHOD->PRE_SHARED
160549.889026 Misc 95 conf_get_str: [3DES-SHA]:GROUP_DESCRIPTION->MODP_1024
160549.889042 Misc 95 conf_get_str: [3DES-SHA]:Life->LIFE_MAIN_MODE
160549.889063 Misc 95 conf_get_str: [LIFE_MAIN_MODE]:LIFE_TYPE->SECONDS
160549.889079 Misc 95 conf_get_str: [LIFE_MAIN_MODE]:LIFE_DURATION->3600,60:86400
160549.889097 Misc 95 conf_get_str: configuration value not found [3DES-SHA]:PRF
160549.889113 Misc 70 attribute_set_constant: no PRF in the 3DES-SHA section
160549.889128 Misc 95 conf_get_str: configuration value not found [3DES-SHA]:KEY_LENGTH
160549.889143 Misc 95 conf_get_str: configuration value not found [3DES-SHA]:FIELD_SIZE
160549.889159 Misc 95 conf_get_str: configuration value not found [3DES-SHA]:GROUP_ORDER
160549.889181 Cryp 60 hash_get: requested algorithm 1
160549.889212 Exch 90 exchange_validate: checking for required SA
160549.889237 Mesg 70 message_send: message 0x119800
160549.889256 Mesg 70 ICOOKIE: 0x8ae9dce3029a0ef7
160549.889276 Mesg 70 RCOOKIE: 0x0000000000000000
160549.889291 Mesg 70 NEXT_PAYLOAD: SA
160549.889304 Mesg 70 VERSION: 16
160549.889317 Mesg 70 EXCH_TYPE: ID_PROT
160549.889330 Mesg 70 FLAGS: [ ]
160549.889345 Mesg 70 MESSAGE_ID: 0x00000000
160549.889358 Mesg 70 LENGTH: 80
160549.889390 Mesg 70 message_send: 8ae9dce3 029a0ef7 00000000 00000000 01100200 00000000 00000050 00000034
160549.889423 Mesg 70 message_send: 00000001 00000001 00000028 01010001 00000020 00010000 80010005 80020002
160549.889447 Mesg 70 message_send: 80030001 80040002 800b0001 800c0e10
160549.889461 Exch 40 exchange_run: exchange 0x119700 finished step 0, advancing...
160549.889478 Exch 90 exchange_lookup_by_name: ISAKMP-peer-A == ISAKMP-peer-A && 1 == 1?
160549.889507 Trpt 95 transport_reference: transport 0x11c240 now has 2 references
160549.889522 Trpt 95 transport_reference: transport 0x11c200 now has 2 references
160549.889536 Trpt 95 transport_reference: transport 0x11c1c0 now has 2 references
160549.889550 Trpt 95 transport_reference: transport 0x11c180 now has 2 references
160549.889680 Misc 95 conf_get_str: [General]:retransmits->3
160549.889703 Trpt 30 transport_send_messages: message 0x119800 scheduled for retransmission 1 in 7 secs
160549.889723 Timr 10 timer_add_event: event message_send_expire(0x119800) added before connection_checker(0x1ba9e0), expiration in 7s
160549.889739 Trpt 95 transport_release: transport 0x11c240 had 2 references
160549.889753 Trpt 95 transport_release: transport 0x11c200 had 2 references
160549.889766 Trpt 95 transport_release: transport 0x11c1c0 had 2 references
160549.889780 Trpt 95 transport_release: transport 0x11c180 had 2 references
160549.893692 Trpt 70 transport_add: adding 0x11c340
160549.893720 Trpt 95 transport_reference: transport 0x11c340 now has 1 references
160549.893733 Mesg 90 message_alloc: allocated 0x119a00
160549.893772 Mesg 70 message_recv: message 0x119a00
160549.893793 Mesg 70 ICOOKIE: 0xb00853a940c492d1
160549.893814 Mesg 70 RCOOKIE: 0x0000000000000000
160549.893829 Mesg 70 NEXT_PAYLOAD: NOTIFY
160549.893842 Mesg 70 VERSION: 16
160549.893855 Mesg 70 EXCH_TYPE: INFO
160549.893868 Mesg 70 FLAGS: [ ]
160549.893883 Mesg 70 MESSAGE_ID: 0x00000000
160549.893897 Mesg 70 LENGTH: 40
160549.893930 Mesg 70 message_recv: b00853a9 40c492d1 00000000 00000000 0b100500 00000000 00000028 0000000c
160549.893949 Mesg 70 message_recv: 00000001 0100000e
160549.893964 SA 90 sa_find: no SA matched query
160549.893981 Mesg 50 message_parse_payloads: offset 28 payload NOTIFY
160549.893999 Mesg 60 message_validate_payloads: payload NOTIFY at 0x11c39c of message 0x119a00
160549.894015 Mesg 70 DOI: IPSEC
160549.894028 Mesg 70 PROTO: ISAKMP
160549.894041 Mesg 70 SPI_SZ: 0
160549.894055 Mesg 70 MSG_TYPE: NO_PROPOSAL_CHOSEN
160549.894081 Misc 95 conf_get_str: [General]:Exchange-max-time->120
160549.894101 Timr 10 timer_add_event: event exchange_free_aux(0x119b00) added last, expiration in 120s
160549.894116 Cryp 60 hash_get: requested algorithm 1
160549.894166 Exch 10 exchange_setup_p1: 0x119b00 <unnamed> <no policy> policy responder phase 1 doi 1 exchange 5 step 0
160549.894183 Exch 10 exchange_setup_p1: icookie b00853a940c492d1 rcookie 3ca7d7597b37a277
160549.894197 Exch 10 exchange_setup_p1: msgid 00000000
160549.894212 Exch 90 exchange_validate: checking for required INFO
160549.894227 Misc 30 ipsec_responder: phase 1 exchange 5 step 0
160549.894240 Exch 10 ipsec_responder: got NOTIFY of type NO_PROPOSAL_CHOSEN
160549.894260 Exch 10 exchange_finalize: 0x119b00 <unnamed> <no policy> policy responder phase 1 doi 1 exchange 5 step 0
160549.894275 Exch 10 exchange_finalize: icookie b00853a940c492d1 rcookie 3ca7d7597b37a277
160549.894289 Exch 10 exchange_finalize: msgid 00000000
160549.894305 Timr 10 timer_remove_event: removing event exchange_free_aux(0x119b00)
160549.894319 Exch 80 exchange_free_aux: freeing exchange 0x119b00
160549.894332 Mesg 20 message_free: freeing 0x119a00
160549.894347 Trpt 95 transport_release: transport 0x11c340 had 1 references
160549.894360 Trpt 70 transport_release: freeing 0x11c340
160549.894379 Trpt 95 transport_reference: transport 0x11c240 now has 2 references
160549.894394 Trpt 95 transport_reference: transport 0x11c200 now has 2 references
160549.894408 Trpt 95 transport_reference: transport 0x11c1c0 now has 2 references
160549.894422 Trpt 95 transport_reference: transport 0x11c180 now has 2 references
160549.894436 Trpt 95 transport_release: transport 0x11c240 had 2 references
160549.894450 Trpt 95 transport_release: transport 0x11c200 had 2 references
160549.894464 Trpt 95 transport_release: transport 0x11c1c0 had 2 references
160549.894478 Trpt 95 transport_release: transport 0x11c180 had 2 references
160555.329076 Trpt 70 transport_add: adding 0x11c340
160555.329133 Trpt 95 transport_reference: transport 0x11c340 now has 1 references
160555.329148 Mesg 90 message_alloc: allocated 0x119a00
160555.329166 Mesg 70 message_recv: message 0x119a00
160555.329186 Mesg 70 ICOOKIE: 0x895a7e9c03c1ca51
160555.329206 Mesg 70 RCOOKIE: 0x0000000000000000
160555.329221 Mesg 70 NEXT_PAYLOAD: SA
160555.329236 Mesg 70 VERSION: 16
160555.329249 Mesg 70 EXCH_TYPE: ID_PROT
160555.329263 Mesg 70 FLAGS: [ ]
160555.329279 Mesg 70 MESSAGE_ID: 0x00000000
160555.329293 Mesg 70 LENGTH: 80
160555.329326 Mesg 70 message_recv: 895a7e9c 03c1ca51 00000000 00000000 01100200 00000000 00000050 00000034
160555.329362 Mesg 70 message_recv: 00000001 00000001 00000028 01010001 00000020 00010000 80010005 80020002
160555.329386 Mesg 70 message_recv: 80030001 80040002 800b0001 800c0e10
160555.329403 SA 90 sa_find: no SA matched query
160555.329422 Mesg 50 message_parse_payloads: offset 28 payload SA
160555.329440 Mesg 60 message_validate_payloads: payload SA at 0x11b69c of message 0x119a00
160555.329455 Mesg 70 DOI: 1
160555.329486 Misc 95 conf_get_str: [Phase 1]:10.15.21.130->ISAMP-peer-A
160555.329503 Exch 90 exchange_lookup_active: ISAMP-peer-A == ISAKMP-peer-A && 1 == 1?
160555.329524 Misc 95 conf_get_str: configuration value not found [ISAMP-peer-A]:Configuration
160555.329544 Misc 95 conf_get_str: configuration value not found [Default-phase-1-configuration]:DOI
160555.329561 Misc 95 conf_get_str: [Default-phase-1-configuration]:EXCHANGE_TYPE->ID_PROT
160555.329587 Misc 95 conf_get_str: [General]:Exchange-max-time->120
160555.329608 Timr 10 timer_add_event: event exchange_free_aux(0x119b00) added last, expiration in 120s
160555.329626 Misc 95 conf_get_str: configuration value not found [ISAMP-peer-A]:Flags
160555.329642 Cryp 60 hash_get: requested algorithm 1
160555.329695 Exch 10 exchange_setup_p1: 0x119b00 ISAMP-peer-A Default-phase-1-configuration policy responder phase 1 doi 1 exchange 2 step 0
160555.329712 Exch 10 exchange_setup_p1: icookie 895a7e9c03c1ca51 rcookie ede924f55b252ccb
160555.329829 Exch 10 exchange_setup_p1: msgid 00000000
160555.329850 Trpt 95 transport_reference: transport 0x11c340 now has 2 references
160555.329865 SA 80 sa_reference: SA 0x119c00 now has 1 references
160555.329879 SA 70 sa_enter: SA 0x119c00 added to SA list
160555.329892 SA 80 sa_reference: SA 0x119c00 now has 2 references
160555.329907 SA 60 sa_create: sa 0x119c00 phase 1 added to exchange 0x119b00 (ISAMP-peer-A)
160555.329921 SA 80 sa_reference: SA 0x119c00 now has 3 references
160555.329936 Mesg 50 message_parse_payloads: offset 40 payload PROPOSAL
160555.329951 Mesg 50 message_parse_payloads: offset 48 payload TRANSFORM
160555.329964 Mesg 50 Transform 0's attributes
160555.329979 Mesg 50 Attribute ENCRYPTION_ALGORITHM value 5
160555.329993 Mesg 50 Attribute HASH_ALGORITHM value 2
160555.331808 Mesg 50 Attribute AUTHENTICATION_METHOD value 1
160555.331823 Mesg 50 Attribute GROUP_DESCRIPTION value 2
160555.331837 Mesg 50 Attribute LIFE_TYPE value 1
160555.331851 Mesg 50 Attribute LIFE_DURATION value 3600
160555.331866 Mesg 60 message_validate_payloads: payload PROPOSAL at 0x11b6a8 of message 0x119a00
160555.331880 Mesg 70 NO: 1
160555.331894 Mesg 70 PROTO: ISAKMP
160555.331908 Mesg 70 SPI_SZ: 0
160555.331921 Mesg 70 NTRANSFORMS: 1
160555.331936 Mesg 60 message_validate_payloads: payload TRANSFORM at 0x11b6b0 of message 0x119a00
160555.331951 Mesg 70 NO: 0
160555.331964 Mesg 70 ID: 1
160555.331981 Exch 90 exchange_validate: checking for required SA
160555.331996 Misc 30 ipsec_responder: phase 1 exchange 2 step 0
160555.332011 Cryp 60 hash_get: requested algorithm 1
160555.332027 Negt 30 message_negotiate_sa: transform 0 proto 1 proposal 1 ok
160555.332071 SA 80 sa_add_transform: proto 0x11c3c0 no 1 proto 1 chosen 0x16db80 sa 0x119c00 id 1
160555.332101 Misc 95 conf_get_str: [Default-phase-1-configuration]:Transforms->3DES-SHA-RSA_SIG
160555.332133 Misc 95 conf_get_str: [3DES-SHA-RSA_SIG]:ENCRYPTION_ALGORITHM->3DES_CBC
160555.332152 Misc 95 conf_get_str: [3DES-SHA-RSA_SIG]:HASH_ALGORITHM->SHA
160555.332172 Misc 95 conf_get_str: [3DES-SHA-RSA_SIG]:AUTHENTICATION_METHOD->RSA_SIG
160555.332188 Negt 70 attribute_unacceptable: AUTHENTICATION_METHOD: got PRE_SHARED, expected RSA_SIG
160555.332201 Negt 20 ike_phase_1_validate_prop: failure
160555.332214 Negt 30 message_negotiate_sa: proposal 1 failed
160555.332227 Default message_negotiate_sa: no compatible proposal found
160555.332249 Default dropped message from 10.15.21.130 port 500 due to notification type NO_PROPOSAL_CHOSEN
160555.332274 Misc 95 conf_get_str: [General]:Exchange-max-time->120
160555.332293 Timr 10 timer_add_event: event exchange_free_aux(0x119d00) added last, expiration in 120s
160555.332307 Cryp 60 hash_get: requested algorithm 1
160555.332342 Exch 10 exchange_establish_p1: 0x119d00 <unnamed> <no policy> policy initiator phase 1 doi 1 exchange 5 step 0
160555.332360 Exch 10 exchange_establish_p1: icookie 25e5401aab990ab6 rcookie 0000000000000000
160555.332373 Exch 10 exchange_establish_p1: msgid 00000000
160555.332389 Trpt 95 transport_reference: transport 0x11c340 now has 3 references
160555.332402 Mesg 90 message_alloc: allocated 0x119e00
160555.332423 Exch 90 exchange_validate: checking for required INFO
160555.332439 Mesg 70 message_send: message 0x119e00
160555.332457 Mesg 70 ICOOKIE: 0x25e5401aab990ab6
160555.332477 Mesg 70 RCOOKIE: 0x0000000000000000
160555.332492 Mesg 70 NEXT_PAYLOAD: NOTIFY
160555.332506 Mesg 70 VERSION: 16
160555.332519 Mesg 70 EXCH_TYPE: INFO
160555.332532 Mesg 70 FLAGS: [ ]
160555.332547 Mesg 70 MESSAGE_ID: 0x00000000
160555.332560 Mesg 70 LENGTH: 40
160555.332591 Mesg 70 message_send: 25e5401a ab990ab6 00000000 00000000 0b100500 00000000 00000028 0000000c
160555.332609 Mesg 70 message_send: 00000001 0100000e
160555.332624 Exch 40 exchange_run: exchange 0x119d00 finished step 0, advancing...
160555.332638 Mesg 20 message_free: freeing 0x119a00
160555.332652 Trpt 95 transport_release: transport 0x11c340 had 3 references
160555.332666 SA 80 sa_release: SA 0x119c00 had 3 references
160555.332683 Trpt 95 transport_reference: transport 0x11c340 now has 3 references
160555.332698 Trpt 95 transport_reference: transport 0x11c240 now has 2 references
160555.332712 Trpt 95 transport_reference: transport 0x11c200 now has 2 references
160555.332725 Trpt 95 transport_reference: transport 0x11c1c0 now has 2 references
160555.332739 Trpt 95 transport_reference: transport 0x11c180 now has 2 references
160555.332754 Trpt 95 transport_release: transport 0x11c340 had 3 references
160555.332767 Trpt 95 transport_release: transport 0x11c240 had 2 references
160555.332781 Trpt 95 transport_release: transport 0x11c200 had 2 references
160555.332795 Trpt 95 transport_release: transport 0x11c1c0 had 2 references
160555.332808 Trpt 95 transport_release: transport 0x11c180 had 2 references
160555.332840 Trpt 95 transport_reference: transport 0x11c340 now has 3 references
160555.332855 Trpt 95 transport_reference: transport 0x11c240 now has 2 references
160555.332869 Trpt 95 transport_reference: transport 0x11c200 now has 2 references
160555.332883 Trpt 95 transport_reference: transport 0x11c1c0 now has 2 references
160555.332897 Trpt 95 transport_reference: transport 0x11c180 now has 2 references
160555.333007 Exch 10 exchange_finalize: 0x119d00 <unnamed> <no policy> policy initiator phase 1 doi 1 exchange 5 step 1
160555.333027 Exch 10 exchange_finalize: icookie 25e5401aab990ab6 rcookie 0000000000000000
160555.333041 Exch 10 exchange_finalize: msgid 00000000
160555.333057 Timr 10 timer_remove_event: removing event exchange_free_aux(0x119d00)
160555.333071 Exch 80 exchange_free_aux: freeing exchange 0x119d00
160555.333086 Mesg 20 message_free: freeing 0x119e00
160555.333101 Trpt 95 transport_release: transport 0x11c340 had 3 references
160555.333115 Trpt 95 transport_release: transport 0x11c340 had 2 references
160555.333129 Trpt 95 transport_release: transport 0x11c240 had 2 references
160555.333143 Trpt 95 transport_release: transport 0x11c200 had 2 references
160555.333156 Trpt 95 transport_release: transport 0x11c1c0 had 2 references
160555.333170 Trpt 95 transport_release: transport 0x11c180 had 2 references
160556.900022 Timr 10 timer_handle_expirations: event message_send_expire(0x119800)
160556.900071 Mesg 70 message_send: message 0x119800
160556.900094 Mesg 70 ICOOKIE: 0x8ae9dce3029a0ef7
160556.900114 Mesg 70 RCOOKIE: 0x0000000000000000
160556.900129 Mesg 70 NEXT_PAYLOAD: SA
160556.900143 Mesg 70 VERSION: 16
160556.900156 Mesg 70 EXCH_TYPE: ID_PROT
160556.900169 Mesg 70 FLAGS: [ ]
160556.900185 Mesg 70 MESSAGE_ID: 0x00000000
160556.900199 Mesg 70 LENGTH: 80
160556.900231 Mesg 70 message_send: 8ae9dce3 029a0ef7 00000000 00000000 01100200 00000000 00000050 00000034
160556.900264 Mesg 70 message_send: 00000001 00000001 00000028 01010001 00000020 00010000 80010005 80020002
160556.900287 Mesg 70 message_send: 80030001 80040002 800b0001 800c0e10
160556.900316 Trpt 95 transport_reference: transport 0x11c340 now has 2 references
160556.900332 Trpt 95 transport_reference: transport 0x11c240 now has 2 references
160556.900346 Trpt 95 transport_reference: transport 0x11c200 now has 2 references
160556.900360 Trpt 95 transport_reference: transport 0x11c1c0 now has 2 references
160556.900374 Trpt 95 transport_reference: transport 0x11c180 now has 2 references
160556.900472 Misc 95 conf_get_str: [General]:retransmits->3
160556.900495 Trpt 30 transport_send_messages: message 0x119800 scheduled for retransmission 2 in 9 secs
160556.900516 Timr 10 timer_add_event: event message_send_expire(0x119800) added before connection_checker(0x1ba9e0), expiration in 9s
160556.900533 Trpt 95 transport_release: transport 0x11c340 had 2 references
160556.900547 Trpt 95 transport_release: transport 0x11c240 had 2 references
160556.900560 Trpt 95 transport_release: transport 0x11c200 had 2 references
160556.900574 Trpt 95 transport_release: transport 0x11c1c0 had 2 references
160556.900587 Trpt 95 transport_release: transport 0x11c180 had 2 references
160605.910032 Timr 10 timer_handle_expirations: event message_send_expire(0x119800)
160605.910122 Mesg 70 message_send: message 0x119800
160605.910151 Mesg 70 ICOOKIE: 0x8ae9dce3029a0ef7
160605.910172 Mesg 70 RCOOKIE: 0x0000000000000000
160605.910188 Mesg 70 NEXT_PAYLOAD: SA
160605.910202 Mesg 70 VERSION: 16
160605.910216 Mesg 70 EXCH_TYPE: ID_PROT
160605.910230 Mesg 70 FLAGS: [ ]
160605.910245 Mesg 70 MESSAGE_ID: 0x00000000
160605.910259 Mesg 70 LENGTH: 80
160605.910292 Mesg 70 message_send: 8ae9dce3 029a0ef7 00000000 00000000 01100200 00000000 00000050 00000034
160605.910327 Mesg 70 message_send: 00000001 00000001 00000028 01010001 00000020 00010000 80010005 80020002
160605.910350 Mesg 70 message_send: 80030001 80040002 800b0001 800c0e10
160605.910383 Trpt 95 transport_reference: transport 0x11c340 now has 2 references
160605.910399 Trpt 95 transport_reference: transport 0x11c240 now has 2 references
160605.910413 Trpt 95 transport_reference: transport 0x11c200 now has 2 references
160605.910427 Trpt 95 transport_reference: transport 0x11c1c0 now has 2 references
160605.910441 Trpt 95 transport_reference: transport 0x11c180 now has 2 references
160605.910550 Misc 95 conf_get_str: [General]:retransmits->3
160605.910573 Trpt 30 transport_send_messages: message 0x119800 scheduled for retransmission 3 in 11 secs
160605.910593 Timr 10 timer_add_event: event message_send_expire(0x119800) added before connection_checker(0x1ba9e0), expiration in 11s
160605.910608 Trpt 95 transport_release: transport 0x11c340 had 2 references
160605.910622 Trpt 95 transport_release: transport 0x11c240 had 2 references
160605.910635 Trpt 95 transport_release: transport 0x11c200 had 2 references
160605.910648 Trpt 95 transport_release: transport 0x11c1c0 had 2 references
160605.910662 Trpt 95 transport_release: transport 0x11c180 had 2 references
160606.338261 Trpt 70 transport_add: adding 0x11c400
160606.338297 Trpt 95 transport_reference: transport 0x11c400 now has 1 references
160606.338311 Mesg 90 message_alloc: allocated 0x119a00
160606.338326 Mesg 70 message_recv: message 0x119a00
160606.338344 Mesg 70 ICOOKIE: 0x895a7e9c03c1ca51
160606.338364 Mesg 70 RCOOKIE: 0x0000000000000000
160606.338378 Mesg 70 NEXT_PAYLOAD: SA
160606.338391 Mesg 70 VERSION: 16
160606.338405 Mesg 70 EXCH_TYPE: ID_PROT
160606.338418 Mesg 70 FLAGS: [ ]
160606.338434 Mesg 70 MESSAGE_ID: 0x00000000
160606.338447 Mesg 70 LENGTH: 80
160606.338481 Mesg 70 message_recv: 895a7e9c 03c1ca51 00000000 00000000 01100200 00000000 00000050 00000034
160606.338516 Mesg 70 message_recv: 00000001 00000001 00000028 01010001 00000020 00010000 80010005 80020002
160606.338540 Mesg 70 message_recv: 80030001 80040002 800b0001 800c0e10
160606.338555 Mesg 90 message_recv: dropping setup for existing SA
160606.338568 Mesg 20 message_free: freeing 0x119a00
160606.338583 Trpt 95 transport_release: transport 0x11c400 had 1 references
160606.338597 Trpt 70 transport_release: freeing 0x11c400
160606.338613 Trpt 95 transport_reference: transport 0x11c340 now has 2 references
160606.338628 Trpt 95 transport_reference: transport 0x11c240 now has 2 references
160606.338642 Trpt 95 transport_reference: transport 0x11c200 now has 2 references
160606.338656 Trpt 95 transport_reference: transport 0x11c1c0 now has 2 references
160606.338671 Trpt 95 transport_reference: transport 0x11c180 now has 2 references
160606.338685 Trpt 95 transport_release: transport 0x11c340 had 2 references
160606.338700 Trpt 95 transport_release: transport 0x11c240 had 2 references
160606.338714 Trpt 95 transport_release: transport 0x11c200 had 2 references
160606.338728 Trpt 95 transport_release: transport 0x11c1c0 had 2 references
160606.338742 Trpt 95 transport_release: transport 0x11c180 had 2 references
160616.920034 Timr 10 timer_handle_expirations: event message_send_expire(0x119800)
160616.920093 Mesg 70 message_send: message 0x119800
160616.920120 Mesg 70 ICOOKIE: 0x8ae9dce3029a0ef7
160616.920141 Mesg 70 RCOOKIE: 0x0000000000000000
160616.920157 Mesg 70 NEXT_PAYLOAD: SA
160616.920172 Mesg 70 VERSION: 16
160616.920186 Mesg 70 EXCH_TYPE: ID_PROT
160616.920200 Mesg 70 FLAGS: [ ]
160616.920218 Mesg 70 MESSAGE_ID: 0x00000000
160616.920233 Mesg 70 LENGTH: 80
160616.920265 Mesg 70 message_send: 8ae9dce3 029a0ef7 00000000 00000000 01100200 00000000 00000050 00000034
160616.920298 Mesg 70 message_send: 00000001 00000001 00000028 01010001 00000020 00010000 80010005 80020002
160616.920321 Mesg 70 message_send: 80030001 80040002 800b0001 800c0e10
160616.920352 Trpt 95 transport_reference: transport 0x11c340 now has 2 references
160616.920367 Trpt 95 transport_reference: transport 0x11c240 now has 2 references
160616.920382 Trpt 95 transport_reference: transport 0x11c200 now has 2 references
160616.920396 Trpt 95 transport_reference: transport 0x11c1c0 now has 2 references
160616.920411 Trpt 95 transport_reference: transport 0x11c180 now has 2 references
160616.920506 Misc 95 conf_get_str: [General]:retransmits->3
160616.920526 Default transport_send_messages: giving up on message 0x119800
160616.920538 Mesg 20 message_free: freeing 0x119800
160616.920554 Trpt 95 transport_release: transport 0x11c240 had 2 references
160616.920568 SA 80 sa_release: SA 0x119900 had 3 references
160616.920582 Trpt 95 transport_release: transport 0x11c340 had 2 references
160616.920596 Trpt 95 transport_release: transport 0x11c240 had 1 references
160616.920609 Trpt 70 transport_release: freeing 0x11c240
160616.920623 Trpt 95 transport_release: transport 0x11c200 had 2 references
160616.920637 Trpt 95 transport_release: transport 0x11c1c0 had 2 references
160616.920651 Trpt 95 transport_release: transport 0x11c180 had 2 references

Eric

unread,
Oct 22, 2003, 2:04:55 AM10/22/03
to
My humble apologies for multiple messages on this thread. I
assumed that the mailing list server was silently dropping long
messages. I'll flame myself to spare you the trouble.

Turning on the torch...

- Eric

Hakan Olsson

unread,
Oct 22, 2003, 3:15:50 AM10/22/03
to
On Tue, 21 Oct 2003, Eric wrote:
...

> The problem seems that the esp tunnels are not being built after
> isakmpd comes up on both hosts. After starting up isakmpd, I see
> the following
...

160549.894240 Exch 10 ipsec_responder: got NOTIFY of type
NO_PROPOSAL_CHOSEN

The other side does not accept this side's suggestion of algorithms and
lifetimes. Check your configurations to make sure they match.

If you see a "check_policy: negotiated SA failed policy" messade, it means
your isakmpd.policy is to restrictive (or you have an error in it, which
would also cause failure). The above warning can be a result of this
problem. The other side's isakmpd debuglog will tell.

/H

Btw, this part indicates a config file problem:

> 160555.332101 Misc 95 conf_get_str: [Default-phase-1-configuration]:Transforms->3DES-SHA-RSA_SIG
> 160555.332133 Misc 95 conf_get_str: [3DES-SHA-RSA_SIG]:ENCRYPTION_ALGORITHM->3DES_CBC
> 160555.332152 Misc 95 conf_get_str: [3DES-SHA-RSA_SIG]:HASH_ALGORITHM->SHA
> 160555.332172 Misc 95 conf_get_str: [3DES-SHA-RSA_SIG]:AUTHENTICATION_METHOD->RSA_SIG
> 160555.332188 Negt 70 attribute_unacceptable: AUTHENTICATION_METHOD: got PRE_SHARED, expected RSA_SIG
> 160555.332201 Negt 20 ike_phase_1_validate_prop: failure
> 160555.332214 Negt 30 message_negotiate_sa: proposal 1 failed
> 160555.332227 Default message_negotiate_sa: no compatible proposal found
> 160555.332249 Default dropped message from 10.15.21.130 port 500 due to notification type NO_PROPOSAL_CHOSEN

The other side suggested PRE_SHARED keys authentication, but the transform
here was -RSA_SIG, i.e using certificates.

This would account for the above problem too. (We suggest RSA_SIG, the
other side expected PRE_SHARED.)

Hans-Joerg Hoexer

unread,
Oct 22, 2003, 3:48:44 AM10/22/03
to
Hi,

On Tue, Oct 21, 2003 at 08:33:49PM -0500, Eric wrote:
> (x86). I've tried to follow the guide at the following URL..
> <http://www.aei.ca/~pmatulis/pub/obsd_vpn/obsd_vpn.html>

as Hakans pointed out, your configuration is incomplete.

Instead of using someones howto from somewhere on the net I would suggest
this: Read isakmpd.conf(5) and use the example isakmpd.conf from this manpage
as a starting point. It is a quite complete and valueable and known to work
example.

Cheers,
Hans

--
pub 1024D/513AEFD9 1999-12-18 Hans-Joerg Hoexer
<Hans-Joe...@yerbouti.franken.de>
Key fingerprint = 83D2 436A 0D3C 34A9 E0FF 4C33 35F6 617C 513A EFD9

Culibrk

unread,
Oct 23, 2003, 7:11:06 AM10/23/03
to
On Wed, 2003-10-22 at 06:04, Eric wrote:
> My humble apologies for multiple messages on this thread. I
> assumed that the mailing list server was silently dropping long
> messages.

Looks not ... we're all doomed!

German Garcia

unread,
Oct 23, 2003, 10:05:49 AM10/23/03
to
I've received two messages like this from you, both on the
same day, summing up about 4 megs. Seems a little oversized to me.
Could you please limit the size of your mails ?
Thanks,

On Tue, Oct 21, 2003 at 08:33:49PM -0500, Eric wrote:

> I have a seemingly simple configuration here I'm testing for
> host-to-host ipsec connectivity. Both machines are running 3.3

...

--
German Garcia |Debian GNU/Linux
<gega...@gmx.net>|Un grano de arena, llevado por el viento,
Buenos Aires |puede introducirse en cualquier mecanismo y
Argentina |detener la maquina mas poderosa o sofisticada

0 new messages