VPN dropping connections
I seem to be having an issue with my VPN. I am using 2.9 current as of
the beginning of August, but I had the same problem with 2.9 release and
a couple of 2.8 snapshots. Everything will be fine, and then all of a
sudden I'll just lose connectivity through the VPN for no apparent
reason; isakmpd is still running fine, there's nothing logged anywhere,
it just stops working, and I can't ping anything on the other side. The
other side of the VPN is currently freeswan, but used to be openbsd, and
the other side also had this issue before it got moved to freeswan. I'm
not really that knowledgeable about IPSec; what all do I need to provide
for someone to be able to guess at what I am doing wrong? Here's my
isakmpd.policy and .conf. If there's anything else I need to supply, let
me know.
# cat isakmpd.policy
Comment: This policy accepts ESP SAs from a remote that uses the right
password.
Authorizer: "POLICY"
Conditions: app_domain == "IPsec policy" &&
esp_present == "yes" &&
esp_enc_alg != "null" -> "true";
# cat isakmpd.conf
[General]
Retransmits= 5
Check-Interval= 15
Exchange-max-time= 120
Listen-on= MY_IP_ADDRESS_HERE
[Phase 1]
Default= secureremote
REMOTE_IP_ADDR= them
[Phase 2]
Connections= them-int
#PHASE 1
#############
[them]
Phase= 1
Port= 500
Transport= udp
Local-address= MY_IP_ADDRESS_HERE
Address= REMOTE_IP_ADDR
Configuration= Default-main-mode
Authentication= SECRET_IS_HERE
#PHASE 2
#############
[them-int]
Phase= 2
ISAKMP-peer= them
Configuration= Default-quick-mode
Local-ID= default-route
Remote-ID= them-remote
#NETWORKS
##############
[default-route]
ID-type= IPV4_ADDR_SUBNET
Network= 172.30.75.0
Netmask= 255.255.255.0
[them-remote]
ID-type= IPV4_ADDR_SUBNET
Network= 172.30.1.0
Netmask= 255.255.255.0
#TYPES
[Default-main-mode]
DOI= IPSEC
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-MD5
[Default-aggressive-mode]
DOI= IPSEC
EXCHANGE_TYPE= AGGRESSIVE
Transforms= 3DES-MD5
[Default-quick-mode]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-3DES-MD5-PFS-SUITE
# Main mode transforms
######################
# 3DES
[3DES-MD5]
ENCRYPTION_ALGORITHM= 3DES_CBC
HASH_ALGORITHM= MD5
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_3600_SECS
# Quick mode protection suites
##############################
# 3DES
[QM-ESP-3DES-MD5-PFS-SUITE]
Protocols= QM-ESP-3DES-MD5-PFS
# Quick mode protocols
#############################
# 3DES
[QM-ESP-3DES-MD5-PFS]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-3DES-MD5-PFS-XF
# Quick mode transforms
#############################
# 3DES
[QM-ESP-3DES-MD5-PFS-XF]
TRANSFORM_ID= 3DES
ENCAPSULATION_MODE= TUNNEL
AUTHENTICATION_ALGORITHM= HMAC_MD5
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_8_HOURS
Sorry it's so long; obviously things like MY_IP_ADDRESS_HERE are actually
my real IP in the config file.
Thanks for any help
Adam
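One check worth running on a config like the one above, before digging into IKE traces, is whether every section it names is actually defined: isakmpd.conf is a chain of sections referencing other sections (peer -> Configuration -> Transforms -> Life, and connection -> Suites -> Protocols -> Transforms -> Life), and a dangling reference is easy to miss in a file this long. The script below is an added example, not code from the post or from OpenBSD; it parses the INI-style file and lists references to sections that the file does not define. The reference rules are the example author's reading of isakmpd.conf(5), and the embedded sample is a trimmed copy of the posted config with the same placeholders. Whether a reported name (for instance a LIFE_* section) is supplied by isakmpd's built-in defaults or was simply left out of the post is for the owner of the file to confirm; the tool only reports what the file itself does not contain.

```python
"""Consistency check for isakmpd.conf: report referenced-but-undefined sections.
Added example, not part of the original post; reference rules are an assumption
based on isakmpd.conf(5)."""
import re

# Keys whose values are comma-separated lists of other section names.
PHASE1_REFS = ("Configuration",)
PHASE2_REFS = ("ISAKMP-peer", "Configuration", "Local-ID", "Remote-ID")
GENERIC_REFS = ("Transforms", "Suites", "Protocols", "Life")


def parse_isakmpd_conf(text):
    """Return {section: {key: value}}. '#' lines are comments; blanks ignored."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current][key.strip()] = value.strip()
    return sections


def undefined_references(sections):
    """Return sorted (referencing_section, key, missing_section) tuples."""
    missing = set()

    def check(sec, key):
        for name in sections[sec].get(key, "").split(","):
            name = name.strip()
            if name and name not in sections:
                missing.add((sec, key, name))

    # [Phase 1]: every value (Default= and each IP= line) names a peer section.
    for key, value in sections.get("Phase 1", {}).items():
        if value not in sections:
            missing.add(("Phase 1", key, value))
    if "Phase 2" in sections:
        check("Phase 2", "Connections")  # list of phase-2 connection sections
    for sec, body in sections.items():
        phase = body.get("Phase")
        keys = PHASE1_REFS if phase == "1" else PHASE2_REFS if phase == "2" else GENERIC_REFS
        for key in keys:
            check(sec, key)
    return sorted(missing)


# Constructed sample: the posted config, trimmed, placeholders kept as posted.
SAMPLE_CONF = """
[General]
Listen-on= MY_IP_ADDRESS_HERE
[Phase 1]
Default= secureremote
REMOTE_IP_ADDR= them
[Phase 2]
Connections= them-int
[them]
Phase= 1
Address= REMOTE_IP_ADDR
Configuration= Default-main-mode
Authentication= SECRET_IS_HERE
[them-int]
Phase= 2
ISAKMP-peer= them
Configuration= Default-quick-mode
Local-ID= default-route
Remote-ID= them-remote
[default-route]
ID-type= IPV4_ADDR_SUBNET
Network= 172.30.75.0
Netmask= 255.255.255.0
[them-remote]
ID-type= IPV4_ADDR_SUBNET
Network= 172.30.1.0
Netmask= 255.255.255.0
[Default-main-mode]
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-MD5
[Default-quick-mode]
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-3DES-MD5-PFS-SUITE
[3DES-MD5]
ENCRYPTION_ALGORITHM= 3DES_CBC
Life= LIFE_3600_SECS
[QM-ESP-3DES-MD5-PFS-SUITE]
Protocols= QM-ESP-3DES-MD5-PFS
[QM-ESP-3DES-MD5-PFS]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-3DES-MD5-PFS-XF
[QM-ESP-3DES-MD5-PFS-XF]
TRANSFORM_ID= 3DES
Life= LIFE_8_HOURS
"""

if __name__ == "__main__":
    for sec, key, name in undefined_references(parse_isakmpd_conf(SAMPLE_CONF)):
        print(f"[{sec}] {key}= {name}: section '{name}' is not defined in this file")
```

Run against the trimmed sample it reports three names the file never defines: secureremote (from Default= in [Phase 1]) and the two lifetime sections LIFE_3600_SECS and LIFE_8_HOURS. Pointing it at the real file (read it with open() instead of SAMPLE_CONF) gives the same kind of list for the full config.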