[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

isakmpd problem?

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: isakmpd problem?
From: asd asd <pocketticket_(_at_)_yahoo_(_dot_)_com_(_dot_)_au>
Date: Mon, 7 May 2001 08:12:15 +1000 (EST)

i have two 2.8 boxes, one generic kernel another with
a stripped down generic. After reading
http://www.sigmasoft.com/~openbsd/archive/openbsd-misc/200104/msg01551.html
(Subject: How-To: 2.8-stable *and* isakmpd from
jason_(_at_)_macrosys_(_dot_)_com) i cvs up-ed
the isakmpd sources, compiled and installed them.
Now i do have ping between public addrs of the boxes,
do have a proper auth (almost there are no error
messages), and routes like this are created:

# netstat -rnf encap
Routing tables

Encap:
Source             Port  Destination        Port 
Proto SA(Address/Proto/Type/Direction)
10.0.0/24          0     172.16/16          0     0   
 1.2.3.4/50/require/in
172.16/16          0     10.0.0/24          0     0   
 1.2.3.4/50/require/out

The problem seems to be the same: esp traffic goes
from
one side to another but it doesn't seems to reach the
internal network, ie a ping from 10.0.0.3 to
172.16.0.1
generates esp traffic that strikes on tcpdump proto
esp
on the other side and 172.16.0.1 doesn't get the
request. Same on both directions. 
ipf rules doesn't restrict any traffic.
I'm using a copy of the east-west config files with
ip addresses changed to fit my needs; the policy file
is just 

KeyNote-Version: 2
Comment: This policy accepts ESP SAs from a ...
Authorizer: "POLICY"
Licensees: "passphrase:mekmitasdigoat"

What can i do now?

thanks

rick
- It's time you had your business online!

Prev by Date: how to update OpenBSD, in general...
Next by Date: How to make IPF log messages not appear on root's terminal?
Previous by thread: Re: how to update OpenBSD, in general...
Next by thread: How to make IPF log messages not appear on root's terminal?
Index(es):
- Date
- Thread

Visit your host, monkey.org