[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Isakmpd and SSH Sentinel 1.3.2

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Isakmpd and SSH Sentinel 1.3.2
From: "Alexey Arkhipov" <archi_(_at_)_detmir_(_dot_)_ru>
Date: Tue, 16 Jul 2002 14:19:07 +0400

Hi,

I play Openbsd 3.1 isakmpd and SSH Sentinel 1.3.2.
I look http://www.allard.nu/openbsd/sentinel/
and  have next problem :



# isakmpd -d -D9=99
125319.446544 Plcy 30 policy_init: initializing
125324.046181 Default x509_cert_obtain: ID is missing
125324.047807 Default exchange_add_certs: could not obtain cert for a type 

4 cert request
125324.049182 Default exchange_run: doi->responder (0x12af00) failed

# cat /etc/isakmpd/isakmpd.conf
[General]
Policy-File=    /etc/isakmpd/isakmpd.policy
Listen-on=      172.16.0.21

[Phase 1]
Default=                ISAKMP-clients

[Phase 2]
Passive-Connections=    IPsec-clients


# Phase 1 peer sections
#######################

[ISAKMP-clients]
Phase=                  1
Transport=              udp
Configuration=          main-mode
ID=                     my-ID

[my-ID]
ID-type=                FQDN
Name=                   dmits16.dm

# Phase 2 sections
##################

[IPsec-clients]
Phase=                  2
Configuration=          quick-mode
Local-ID=               default-host
Remote-ID=              remote-host

[default-host]
ID-type=        IPV4_ADDR
Address=        172.16.0.21

[remote-host]
ID-type=        IPV4_ADDR
Address=        0.0.0.0

#[x509-certificates]
#CA-directory=  /etc/isakmpd/ca/
#Cert-directory=        /etc/isakmpd/certs/
#Private-key=   /etc/isakmpd/private/local.key

# Transform descriptions
########################
#
# For Main Mode:
#   {DES,BLF,3DES,CAST}-{MD5,SHA}[-{DSS,RSA_SIG}]
#
# For Quick Mode:
# QM-{ESP,AH}[-TRP]-{DES,3DES,CAST,BLF,AES}[-{MD5,SHA,RIPEMD}][-PFS]-SUITE

# Main -and quick mode transforms

[main-mode]
DOI=IPSEC
EXCHANGE_TYPE=ID_PROT
Transforms=BLF-SHA-RSA_SIG

[quick-mode]
DOI=IPSEC
EXCHANGE_TYPE=QUICK_MODE
Suites=QM-ESP-AES-SHA-SUITE

# cat /etc/isakmpd/isakmpd.policy
KeyNote-Version: 2
Authorizer: "POLICY"
Conditions: app_domain == "IPsec policy" &&
            esp_present == "yes" &&
            esp_enc_alg != "null" -> "true";

#




Best regards !
                           Alexey Arkhipov

E-mail: archi_(_at_)_detmir_(_dot_)_ru
Phone:     + 7 095 7810906

Prev by Date: EOD was:[Re: Contribute to pf(4)]
Next by Date: Re: Contribute to pf(4)
Previous by thread: Re: EOD was:[Re: Contribute to pf(4)]
Next by thread: Re: Q-Logic card
Index(es):
- Date
- Thread

Visit your host, monkey.org