
It Works...Re:Manual Keying Example Problems....



FYI

Yup,

It works... I set up a test router that uses the OpenBSD server as its
gateway, and I can ping the other side of the distant server, and from the
distant server I can ping the router, which has an IP of 192.168.1.10... non-
routable..

And this time no replies from a NAT address....

To recap...
I used the manual keying examples from man vpn, and I changed the SAs to use blf,
not 3des...
I will mess with enc0 and tcpdump to be sure the tunnel is golden.. Laters...

L8rZ,

  )\_/(
 < o,0 >
    ~
   \ /

KoAps



----- Original Message -----
From: "KoAps" <koaps@g3k.cc>
To: "Tech" <tech@openbsd.org>
Sent: Monday, October 01, 2001 6:04 PM
Subject: Re: Manual Keying Example Problems....


OK,

Closer YET!!!

The problems I have now are routing issues with my network.. Nothing I can
do about that... Well, I could, but it's not worth it for this...

So, what worked for me is this....

man vpn(8)
http://www.openbsd.org/cgi-bin/man.cgi?query=vpn&sektion=8&apropos=0&manpath=OpenBSD+Current

I just went there, copied the manual keying example into notepad (got to love
windows), then I simply replaced A_INTERNAL_NETWORK, B_INTERNAL_NETWORK,
blah blah, with my IPs.

That didn't work... it's because in those examples the SA uses 3des. As I
noted before with my ISAKMPD issues, it seems like OpenBSD 2.9 DOESN'T
support 3des, at least an "All" install of it didn't...

That was extremely apparent to me when I made the SAs their own shell script,
ran it, and got an invalid error twice...
I got this before when I was trying these examples..

http://rt.fm/~jcs/ipsec_wep.html

Which is cool, and I'm planning on doing it too on the same box...

As soon as I changed 3des to blf, it took the commands with no errors...
I got the tunnel up.
I can push ping through it... sort of.. on one side I get only one reply,
and on the other I get replies from a NAT address from my firewall...

The first I'm not sure about, but the second is obvious to me...

If the outside address is what's in the header to ping the router (which is
under the firewall), well, I could see it wanting to reply via its
gateway (which isn't the OpenBSD server running IPsec) and thus getting
NAT'd, so it's like one-way encryption: I send a ping from my distant
OpenBSD server, it gets decrypted and sent to the inner network on the
inside interface of the BSD server, the router gets it, then replies via its
own gateway... I have to set up another device to test that uses the BSD
server as its gateway....

L8rZ,

  )\_/(
 < o,0 >
    ~
   \ /

KoAps



----- Original Message -----
From: "KoAps" <koaps@g3k.cc>
To: "Tech" <tech@openbsd.org>
Sent: Monday, October 01, 2001 3:12 PM
Subject: Manual Keying Example Problems....


Well,

Since I got stuck when trying ISAKMPD and no one helped me fix it,
I'm now trying to build the tunnel manually..

Following the example in the OpenBSD FAQ fails to work...

This is why...

ipsecadm: use of flag "-spi" is deprecated with flow creation or deletion
write: Invalid argument

So I checked the man page... completely different from the FAQ... So I tried it....

ipsecadm new esp -enc 3des -auth sha1 -spi 100a -dst 192.168.1.1 -src 192.168.3.1 \
    -key badbeef15deadbeefabadbeef15deadbeefabadbeef15deadbeef \
    -authkey 12349876432167890192837465098273

It just says...

write: Invalid argument

ARG!!!!!

This SUCKS!!! It doesn't even say what is wrong.... Seems like everything is
different from what the right way to do it is... Does anyone have any doc
that actually works and pertains to OpenBSD 2.9.....

L8rZ,

  )\_/(
 < o,0 >
    ~
   \ /

KoAps
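The "ipsecadm new esp ... -key ... -authkey ..." command quoted in the original message takes raw hex keys, and "write: Invalid argument" is just the PF_KEY write being refused by the kernel with EINVAL; it does not say which argument was bad. One thing worth checking before running such a command is that every key is a hex string of exactly the size the transform expects: 3DES takes a 24-byte (48 hex digit) key and HMAC-SHA1 a 20-byte (40 hex digit) key, whereas the 3des key in the command as posted has an odd number of hex digits, so it is not a whole number of bytes, and the authkey is 16 bytes. The script below is an added example, not code from this thread or from OpenBSD: it draws keys of the right size from /dev/urandom, validates a key before use, and prints the two SA commands (one per direction) in the syntax used in the thread. The gateway addresses, the SPIs, and the choice of a 16-byte blowfish key are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread or from OpenBSD: generate properly
# sized random keys for a manually keyed ESP SA and emit the two
# "ipsecadm new esp" commands (one per direction) in the form the thread
# used.  Gateway addresses, SPIs and the blowfish key size are assumptions.

GW_A=192.168.1.1      # assumed: outside address of gateway A
GW_B=192.168.3.1      # assumed: outside address of gateway B
SPI_AB=100a           # assumed SPI for the A->B SA
SPI_BA=100b           # assumed SPI for the B->A SA

# Print N random bytes from /dev/urandom as lowercase hex (no openssl needed).
gen_key() {
    od -An -v -tx1 -N "$1" /dev/urandom | tr -d ' \n'
}

# Key length the transform expects, in bytes.  3DES is fixed at 24 bytes;
# blowfish accepts a range, and 16 bytes (128 bits) is the assumed choice
# here; HMAC-SHA1 takes a 20-byte key.
key_bytes() {
    case "$1" in
        3des) echo 24 ;;
        blf)  echo 16 ;;
        sha1) echo 20 ;;
        *)    return 1 ;;
    esac
}

# Byte length of a hex string; fails on non-hex characters or an odd
# number of digits (the key would not be a whole number of bytes).
hex_bytes() {
    case "$1" in
        ""|*[!0-9a-fA-F]*) return 1 ;;
    esac
    [ $(( ${#1} % 2 )) -eq 0 ] || return 1
    echo $(( ${#1} / 2 ))
}

# check_key HEX ALG: succeed only if HEX has exactly the length ALG wants.
check_key() {
    want=$(key_bytes "$2") || return 1
    n=$(hex_bytes "$1") || return 1
    [ "$n" -eq "$want" ]
}

# sa_commands CIPHER ENCKEY AUTHKEY: the two SA commands in the thread's
# syntax, or failure if either key is the wrong size.  Flows are set up
# separately and, per the error quoted in the thread, -spi is deprecated
# for flow creation, so it is only used here on the SAs.
sa_commands() {
    check_key "$2" "$1" || { echo "bad $1 key: $2" >&2; return 1; }
    check_key "$3" sha1 || { echo "bad sha1 authkey: $3" >&2; return 1; }
    echo "ipsecadm new esp -enc $1 -auth sha1 -spi $SPI_AB -src $GW_A -dst $GW_B -key $2 -authkey $3"
    echo "ipsecadm new esp -enc $1 -auth sha1 -spi $SPI_BA -src $GW_B -dst $GW_A -key $2 -authkey $3"
}

# Demonstration: fresh keys for a blf/sha1 SA pair, as the thread ended up using.
ENC_KEY=$(gen_key "$(key_bytes blf)")
AUTH_KEY=$(gen_key "$(key_bytes sha1)")
sa_commands blf "$ENC_KEY" "$AUTH_KEY"
```

Both ends of the tunnel need the same ENC_KEY and AUTH_KEY, so generate them once and copy them over a channel you trust; keys taken from /dev/urandom are the fix for the memorable "badbeef"-style values in the thread, which are guessable.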