
Problem with isakmpd



Hi there,

I would like to set up the following schema using IPsec:

                     172.20.16.0/21                |
                                                   |-- IPsec
    WorkStation ----  PPP link  ---- Terminal -----|   Gateway
                                      Server       |
                                                   |  172.20.8.0/21
                                                   |
                                                   |-- Server


Both workstation and IPsec Gateway are running OpenBSD 2.6.  I try to
establish a connection from WorkStation to Server (which has its IP address in
the same subnet as IPsec Gateway).

The routing table in server says that IPsec Gateway is the next hop to reach
WorkStation.  IPsec Gateway has Terminal Server address as next hop to
Workstation.  Workstation only has a default route pointing to Terminal
Server.

I am using tunnel mode, so I think the fact that the gateway only had an
interface shouldn't matter.

The SAs are established (in workstation, pointing to network and to gateway),
and the same in gateway.  But if I try to ping server from workstation, the
packets just reach gateway, but don't go on to server.

TIA,

Alejandro



I have the following relevant sections in my isakmpd.conf file (based on
VPN-East and West config files):

In Workstation:

[General]
Listen-on=          172.20.16.2

[Phase 1]
172.20.11.128=      ISAKMP-gateway

[ISAKMP-gateway]
Phase=              1
Transport=          udp
Local-address=      172.20.16.2
Address=            172.20.11.128
Configuration=      Default-main-mode
Authentication=     mekmitasdigoat


[Phase 2]
Connections=        IPsec-network-workstation,IPsec-gateway-workstation

[IPsec-network-dial]
Phase=              2
ISAKMP-peer=        ISAKMP-gateway
Configuration=      Default-quick-mode
Local-ID=           ID-workstation
Remote-ID=          ID-network

[IPsec-gateway-workstation]
Phase=              2
ISAKMP-peer=        ISAKMP-gateway
Configuration=      Default-quick-mode
Local-ID=           ID-workstation
Remote-ID=          ID-gateway

[ID-workstation]
ID-type=            IPV4_ADDR
Address=            172.20.16.2

[ID-network]
ID-type=            IPV4_ADDR_SUBNET
Network=            172.20.8.0
Netmask=            255.255.248.0

[ID-gateway]
ID-type=            IPV4_ADDR
Address=            172.20.11.128


And in gateway:

[General]
Listen-on=          172.20.11.128

[Phase 1]
172.20.16.2=      ISAKMP-workstation

[ISAKMP-gateway]
Phase=              1
Transport=          udp
Local-address=      172.20.11.128
Address=            172.20.16.2
Configuration=      Default-main-mode
Authentication=     mekmitasdigoat


[Phase 2]
Connections=        IPsec-network-workstation,IPsec-gateway-workstation

[IPsec-network-dial]
Phase=              2
ISAKMP-peer=        ISAKMP-workstation
Configuration=      Default-quick-mode
Local-ID=           ID-network
Remote-ID=          ID-workstation

[IPsec-gateway-workstation]
Phase=              2
ISAKMP-peer=        ISAKMP-gateway
Configuration=      Default-quick-mode
Local-ID=           ID-gateway
Remote-ID=          ID-workstation

[ID-workstation]
ID-type=            IPV4_ADDR
Address=            172.20.16.2

[ID-network]
ID-type=            IPV4_ADDR_SUBNET
Network=            172.20.8.0
Netmask=            255.255.248.0

[ID-gateway]
ID-type=            IPV4_ADDR
Address=            172.20.11.128





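The two isakmpd.conf listings above contain section names that do not resolve to any section (for example, [Phase 2] lists IPsec-network-workstation while the section is called [IPsec-network-dial]). The following added check, which is not part of the original post or of isakmpd, parses a conf in the same [Section] / Key= value layout and reports every dangling reference; it runs over a trimmed copy of the workstation-side file and applies equally to the gateway-side one. It assumes that Connections, ISAKMP-peer, Local-ID, Remote-ID and every [Phase 1] value name other sections.

```python
# Trimmed copy of the workstation-side isakmpd.conf from the post (constructed sample input).
SAMPLE = """\
[Phase 1]
172.20.11.128=      ISAKMP-gateway
[ISAKMP-gateway]
Phase=              1
[Phase 2]
Connections=        IPsec-network-workstation,IPsec-gateway-workstation
[IPsec-network-dial]
ISAKMP-peer=        ISAKMP-gateway
Local-ID=           ID-workstation
Remote-ID=          ID-network
[IPsec-gateway-workstation]
ISAKMP-peer=        ISAKMP-gateway
Local-ID=           ID-workstation
Remote-ID=          ID-gateway
[ID-workstation]
[ID-network]
[ID-gateway]
"""

def parse(text):
    """Parse the [Section] / Key= value layout into {section: {key: value}}."""
    sections, cur = {}, None
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and padding
        if line.startswith("[") and line.endswith("]"):
            cur = line[1:-1]
            sections[cur] = {}
        elif "=" in line and cur is not None:  # blank lines fall through here
            key, val = (s.strip() for s in line.split("=", 1))
            sections[cur][key] = val
    return sections

# Keys whose values name other sections (Connections may be comma-separated).
REF_KEYS = ("Connections", "ISAKMP-peer", "Local-ID", "Remote-ID")

def dangling_refs(text):
    """Return (section, key, target) for each reference to a section that does not exist."""
    conf = parse(text)
    missing = []
    for sect, keys in conf.items():
        for key, val in keys.items():
            if sect == "Phase 1" or key in REF_KEYS:  # every [Phase 1] value is a peer section
                for target in val.split(","):
                    target = target.strip()
                    if target not in conf:
                        missing.append((sect, key, target))
    return missing
```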