isakmpd and unknown peers
Hi, I am trying to set up an OpenBSD 2.8 IPSec server. My problem is that there will be a few peers, most of which will not have a known address. From what I understand this is quite possible to do, but the problem that I am running into is lack of documentation: what value should I put for Address? I'm new at this, so please don't be too harsh ;)

Anyway, here is my isakmpd.conf file, so if anyone out there can help, please do!
[General]
Policy-File= /etc/isakmpd/isakmpd.policy
Retransmits= 5
Exchange-max-time= 120
Listen-on= <my.external.ip>
[Phase 1]
Default= remotework
[Phase 2]
Connections= localwork-remotework
[X509-certificates]
CA-directory= /etc/isakmpd/ca/
Cert-directory= /etc/isakmpd/certs/
Private-key= /etc/isakmpd/private/local.key
[Work-net]
ID-type= IPV4_ADDR_SUBNET
Network= <internal.network>
Netmask= <internal.subnet>
[localwork-remotework]
Phase= 1
Transport= udp
Local-address= <my.external.ip>
ID= work-ID
Configuration= Default-main-mode
[work-ID]
ID-type= IPV4_ADDR
Name= <my.external.ip>
[remotework]
Phase= 2
ISAKMP-peer= remotework
Configuration= Default-quick-mode
Local-ID= Work-net
Remote-ID= Remote-net
[Default-main-mode]
DOI= IPSEC
EXCHANGE_TYPE= AGGRESSIVE
Transforms= 3DES-SHA
[Default-quick-mode]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-3DES-SHA-PFS-SUITE,QM-ESP-DES-MD5-PFS-SUITE
[3DES-MD5]
ENCRYPTION_ALGORITHM= 3DES_CBC
HASH_ALGORITHM= MD5
AUTHENTICATION_METHOD= RSA_SIG
GROUP_DESCRIPTION= MODP_1024
Life= LIFE_60_SECS,LIFE_1000_KB
[QM-ESP-3DES-MD5-PFS-SUITE]
Protocols= QM-ESP-3DES-MD5-PFS
[QM-ESP-3DES-MD5-PFS]
PROTOCOL_ID= IPSEC_ESP
Transforms= QM-ESP-3DES-MD5-PFS-XF
When I try to start isakmpd, it gripes about not having Address defined:
Misc 60 conf_get_str: configuration value not found [localwork-remotework]:Port
Misc 60 conf_get_str: configuration value not found [localwork-remotework]:Address
Default udp_create: no address configured for "localwork-remotework"
Default exchange_establish: transport "udp" for peer "localwork-remotework" could not be created
Thanks a lot for your help. Let me know if you need
more details or have any ideas/suggestions.
Daniel H.
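As an added check (example code of my own, not from the original post and not part of OpenBSD's isakmpd), here is an offline linter for the [Section] / Key= value layout of isakmpd.conf. It embeds an abridged, constructed copy of the configuration above and reports the classes of problem that keep the daemon from coming up: a reference key (Transforms=, Suites=, Remote-ID=, ISAKMP-peer=, ...) that names a section the file never defines, a [Phase 1] or [Phase 2] entry that points at a section whose Phase= value belongs to the other phase, a Phase 1 peer section with no Address= (the condition behind the "no address configured" message quoted above), and sections nothing refers to, which usually betray a typo such as MD5 versus SHA in a name. Section and key names are the ones used on this page; the `builtin` argument is my assumption for daemon builds that predefine standard section names, and it defaults to empty because I have not checked which names 2.8 predefines.

```python
"""Offline consistency checks for an isakmpd.conf file (added example, not code
from the original post or from OpenBSD): dangling section references, Phase=
mismatches, Phase 1 peers without Address=, and sections nothing refers to."""
import re
from collections import namedtuple

# Keys whose value names one or more other sections (comma-separated lists).
REF_KEYS = {"Default", "Connections", "ISAKMP-peer", "Configuration", "ID",
            "Local-ID", "Remote-ID", "Transforms", "Suites", "Protocols", "Life"}
# Top-level sections the daemon reads directly; nothing refers to them by name.
ROOT_SECTIONS = {"General", "Phase 1", "Phase 2", "X509-certificates"}
Finding = namedtuple("Finding", "kind section key target")

# Constructed sample: an abridged copy of the configuration posted above, so
# the checks reproduce that file's problems.
SAMPLE_CONF = """\
[Phase 1]
Default= remotework
[Phase 2]
Connections= localwork-remotework
[localwork-remotework]
Phase= 1
Transport= udp
Configuration= Default-main-mode
[remotework]
Phase= 2
ISAKMP-peer= remotework
Configuration= Default-quick-mode
Remote-ID= Remote-net
[Default-main-mode]
Transforms= 3DES-SHA
[Default-quick-mode]
Suites= QM-ESP-3DES-SHA-PFS-SUITE
[QM-ESP-3DES-MD5-PFS-SUITE]
Protocols= QM-ESP-3DES-MD5-PFS
[QM-ESP-3DES-MD5-PFS]
Transforms= QM-ESP-3DES-MD5-PFS-XF
"""


def parse_conf(text):
    """Parse isakmpd.conf text into {section: {key: value}}; '#' starts a comment."""
    sections, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip()
            sections.setdefault(current, {})
        elif current is None or "=" not in line:
            raise ValueError(f"line {lineno}: expected [Section] or Key= value: {raw!r}")
        else:
            key, _, value = line.partition("=")
            sections[current][key.strip()] = value.strip()
    return sections


def _names(value):
    return [v.strip() for v in value.split(",") if v.strip()]


def check_conf(sections, builtin=()):
    """Return Finding records; `builtin` (assumed) lists sections the daemon predefines."""
    findings, referenced = [], set()
    # 1. Every name used by a reference key must be defined somewhere.
    for sec, keys in sections.items():
        for key, value in keys.items():
            if key not in REF_KEYS and sec != "Phase 1":  # all [Phase 1] entries name peers
                continue
            for target in _names(value):
                referenced.add(target)
                if target not in sections and target not in builtin:
                    findings.append(Finding("undefined-ref", sec, key, target))
    # 2. [Phase 1] entries and ISAKMP-peer= must name Phase= 1 sections;
    #    [Phase 2] Connections= must name Phase= 2 sections.
    expect = [("Phase 1", k, t, "1") for k, v in sections.get("Phase 1", {}).items()
              for t in _names(v)]
    expect += [("Phase 2", "Connections", t, "2")
               for t in _names(sections.get("Phase 2", {}).get("Connections", ""))]
    expect += [(sec, "ISAKMP-peer", t, "1") for sec, keys in sections.items()
               for t in _names(keys.get("ISAKMP-peer", ""))]
    for sec, key, target, want in expect:
        if target in sections and sections[target].get("Phase") != want:
            findings.append(Finding("phase-mismatch", sec, key, target))
    # 3. A Phase 1 peer section without Address= is the condition behind the
    #    "no address configured" message quoted in the post above.
    for sec, keys in sections.items():
        if keys.get("Phase") == "1" and "Address" not in keys:
            findings.append(Finding("missing-address", sec, "Address", sec))
    # 4. A section nothing refers to usually means a name is misspelt elsewhere.
    for sec in sections:
        if sec not in ROOT_SECTIONS and sec not in referenced:
            findings.append(Finding("unreferenced", sec, None, sec))
    return findings
```

Calling check_conf(parse_conf(SAMPLE_CONF)) on the embedded sample returns nine findings: four undefined references (Remote-net, 3DES-SHA, QM-ESP-3DES-SHA-PFS-SUITE, QM-ESP-3DES-MD5-PFS-XF), three Phase mismatches (the [Phase 1] Default= and [Phase 2] Connections= entries point at sections whose Phase= values are swapped, and [remotework] names itself as its own ISAKMP peer), the missing Address= on [localwork-remotework], and one unreferenced suite section. To lint a real file, pass open("/etc/isakmpd/isakmpd.conf").read() to parse_conf instead of the sample.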