Fw: It Works...Re:Manual Keying Example Problems....
- To: <tech@openbsd.org>
- Subject: Fw: It Works...Re:Manual Keying Example Problems....
- From: "G3k" <koaps@g3k.cc>
- Date: Tue, 2 Oct 2001 07:50:27 -0700
It works..
I also got 3des working... after reading man vpn closer I see that you use
160 bits for the auth key and 192 for the encode key...
I also had to put the keys in files and use -keyfile and -authkeyfile
instead of putting the actual key strings in my script...
Seems to be working though...
Now to get IP forwarding / NAT working right on the firewall..
L8rs
KoAps
----- Original Message -----
From: "KoAps" <koaps@g3k.cc>
To: "Tech" <tech@openbsd.org>
Sent: Monday, October 01, 2001 6:35 PM
Subject: It Works...Re:Manual Keying Example Problems....
> FYI
>
> Yup,
>
> It works... I set up a Test Router that uses the OpenBSD server as its
> Gateway and I can Ping the other Side of the Distant Server and from the
> Distant Server I can Ping the router, which has an IP of 192.168.1.10... Non
> Routable..
>
> And this time no replies from a NAT Addy....
>
> To ReCap...
> I used the Manual Examples from man vpn, and I changed the SA's to use blf
> not 3des...
> I will mess with enc0 and tcpdump to be sure the Tunnel is golden.. Laters...
>
> L8rZ,
>
> )\_/(
> < o,0 >
> ~
> \ /
>
> KoAps
>
>
>
> ----- Original Message -----
> From: "KoAps" <koaps@g3k.cc>
> To: "Tech" <tech@openbsd.org>
> Sent: Monday, October 01, 2001 6:04 PM
> Subject: Re: Manual Keying Example Problems....
>
>
> OK,
>
> Closer YET!!!
>
> The Problems now I have are routing issues with my Network.. Nothing I can
> do about that... Well, I could but not worth it for this...
>
> So, What worked for me is this....
>
> man vpn(8)
>
> http://www.openbsd.org/cgi-bin/man.cgi?query=vpn&sektion=8&apropos=0&manpath=OpenBSD+Current
>
> I just went there copied the manual Keying example into notepad (got to love
> windows) then I simply replaced the A_INTERNAL_NETWORK, B_INTERNAL_NETWORK,
> blah blah, with my ips.
>
> that didn't work... it's because in those examples the SA uses 3des which, as I
> noted before with my ISAKMPD issues, it seems like OpenBSD 2.9 DOESN'T
> support, at least an All install of it didn't...
>
> that was extremely apparent to me when I made the SAs their own shell script,
> ran it, got an invalid error twice...
> I got this before when I was trying these examples..
>
> http://rt.fm/~jcs/ipsec_wep.html
>
> Which is kwel and I'm planning on doing it too on the same box...
>
> As soon as I changed the 3des to blf, it took the commands with no errors...
> I got the tunnel up
> I can push ping through it... sort of.. on one side I get only one reply
> and on the other I get replies from a NAT address from my Firewall...
>
> The first I'm not sure what's going on, but the second is obvious to me...
>
> If the Outside address is what's in the header to ping the router (which is
> under the firewall) well I could see it wanting to reply Via Its
> gateway (which isn't the OpenBSD Server Running IPSec) and thus getting
> nat'd, so it's like one way encryption, I send a ping from my distant
> OpenBSD server, it gets decrypted and sent to the inner network on the
> inside interface on the BSD server, the router gets it then replies with its
> own gateway... have to set up another device to test that uses the BSD
> server as its gateway....
>
> L8rZ,
>
> )\_/(
> < o,0 >
> ~
> \ /
>
> KoAps
>
>
>
> ----- Original Message -----
> From: "KoAps" <koaps@g3k.cc>
> To: "Tech" <tech@openbsd.org>
> Sent: Monday, October 01, 2001 3:12 PM
> Subject: Manual Keying Example Problems....
>
>
> Well,
>
> Since I got stuck when trying ISAKMPD and no one helped me try to fix it,
> I'm now trying to build the Tunnel Manually..
>
> Following the Example on the OpenBSD Faq that fails to work...
>
> this is why...
>
> ipsecadm: use of flag "-spi" is deprecated with flow creation or deletion
> write: Invalid argument
>
> So I check the Man... completely Different than the FAQ... So I try it....
>
> ipsecadm new esp -enc 3des -auth sha1 -spi 100a -dst 192.168.1.1 -src
> 192.168.3.1 -key
> badbeef15deadbeefabadbeef15deadbeefabadbeef15deadbeef -authkey
> 12349876432167890192837465098273
>
> just says...
>
> write: Invalid argument
>
> ARG!!!!!
>
> This SUKS!!! Doesn't even say what is wrong....Seems like everything is
> different than what is the right way to do it...does anyone have any doc
> that actually works and pertains to OpenBSD 2.9.....
>
> L8rZ,
>
> )\_/(
> < o,0 >
> ~
> \ /
>
> KoAps
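The key-size point from the top of the thread (160-bit sha1 auth key, 192-bit 3des encryption key), as an added POSIX sh helper that is not part of the poster's messages or of vpn(8): it checks a hex key against those sizes before it ever reaches ipsecadm, and generates keys into mode-0600 files for -keyfile / -authkeyfile. The function names and the algorithm table are assumptions of this example; the sample keys in the comments are the ones quoted in the thread.

```sh
#!/bin/sh
# Key sizes (bits) the thread states for the manual-keying SA:
# 192-bit 3des encryption key, 160-bit sha1 auth key. Extend as needed.
key_bits() {
  case "$1" in
    3des) echo 192 ;;
    sha1) echo 160 ;;
    *)    echo "key_bits: unknown algorithm '$1'" >&2; return 1 ;;
  esac
}

# Return 0 if $2 is a hex string of exactly the length algorithm $1 needs.
# The command quoted in the thread fails this on both keys: its -key is
# 53 hex digits (not even a whole number of bytes) and its -authkey is
# 32 hex digits, i.e. 128 bits, where sha1 wants 160.
check_hex_key() {
  bits=$(key_bits "$1") || return 1
  key=$2
  case "$key" in
    ''|*[!0-9a-fA-F]*) echo "$1: key is not a hex string" >&2; return 1 ;;
  esac
  want=$((bits / 4))
  if [ "${#key}" -ne "$want" ]; then
    echo "$1: key is ${#key} hex digits, need $want ($bits bits)" >&2
    return 1
  fi
  return 0
}

# Write a fresh random key of the right size to file $2 (mode 0600) for
# use with -keyfile / -authkeyfile, so the key never appears in a script
# or in the process list, then re-check what was written.
gen_key_file() {
  bits=$(key_bits "$1") || return 1
  ( umask 077
    od -An -vtx1 -N $((bits / 8)) /dev/urandom | tr -d ' \n' > "$2" ) || return 1
  check_hex_key "$1" "$(cat "$2")"
}
```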