Re: IPSec between OpenBSD and FreeBSD

Matthias Teege wrote,

> Moin,
> I am trying to encrypt a wireless link between an OpenBSD router with
> isakmpd and a FreeBSD router with racoon. The network looks like this:
> -|                                |- internet
>                 - - - - -
>                 | OpenBSD/ster      FreeBSD/bullet
> -| isakmpd           racoon
> is a dmz and I want to encrypt all traffic from the dmz
> to the internet and reverse. Traffic from dmz to »..2.0/24« should be
> possible without encryption.
> After setup and starting racoon the isakmpd shows me:
> 165331.230650 Default x509_read_crls_from_dir: opendir
> ("/etc/isakmpd/crls/") failed: No such file or directory
> 165331.230949 Default x509_crl_init: x509_read_from_dir failed

Create a directory /etc/isakmpd/crls/

> 165357.182168 Default udp_create: address "" not understood

I think your isakmpd.conf is wrong.

> What does this message mean?

The daemon cannot bind UDP port 500.

> isakmpd.conf
> [General]
> Policy-File=            /etc/isakmpd/isakmpd.policy
> Retransmits=5
> Exchange-max-time=120
> Listen-on=

Is it possible that does not exist?
ifconfig -a would be interesting.

Or some whitespace problems in your config.

> There is also another problem I see in the log of my packetfilter.
> After starting racoon and isakmpd all traffic from dmz to
> goes to the defaultroute

Because your SAs say so.
 ID-type=                IPV4_ADDR_SUBNET

> ipsecadm flow -dst -addr
> -in -acquire
> ipsecadm flow -src -addr
> -out -acquire

This means your OpenBSD machine should send all outgoing traffic
through the established tunnel.
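As an added example (not code from this thread, and not part of isakmpd itself), the POSIX shell script below checks the three things the reply points at: that the crls directory exists, that "Listen-on=" in isakmpd.conf actually carries a value, and that this value is an address ifconfig -a shows on some interface. The config files, the ifconfig text and the address 192.0.2.1 are constructed samples; treating embedded blanks in the Listen-on value as suspect is an assumption of the example.

```sh
#!/bin/sh
# Added diagnostic for the two isakmpd complaints quoted above: the
# "x509_read_crls_from_dir: opendir ... failed" message (no crls directory)
# and "udp_create: address "" not understood" (empty Listen-on= value).
# Example code, not from the thread; the config and ifconfig text below
# are constructed samples.

# check_listen_on FILE
#   returns 0 when Listen-on= has a non-empty value,
#           1 when the key is missing or its value is blank
#             (the condition behind the udp_create error),
#           2 when the value contains embedded blanks (assumed suspect:
#             isakmpd separates multiple listen addresses with commas)
check_listen_on() {
    line=$(grep '^Listen-on=' "$1" | head -n 1)
    [ -n "$line" ] || return 1
    value=$(printf '%s\n' "${line#Listen-on=}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    [ -n "$value" ] || return 1
    case "$value" in
        *[[:space:]]*) return 2 ;;
    esac
    return 0
}

# listen_on_value FILE: print the trimmed Listen-on= value (empty if none)
listen_on_value() {
    grep '^Listen-on=' "$1" | head -n 1 \
        | sed 's/^Listen-on=//; s/^[[:space:]]*//; s/[[:space:]]*$//'
}

# address_configured ADDR: read "ifconfig -a" output on stdin and return 0
# when some interface carries "inet ADDR" (BSD ifconfig prints
# "inet A.B.C.D netmask ..."), 1 otherwise. Dots are escaped so they match
# literally. Real use: ifconfig -a | address_configured "$(listen_on_value /etc/isakmpd/isakmpd.conf)"
address_configured() {
    pat=$(printf '%s' "$1" | sed 's/\./\\./g')
    grep -q "^[[:space:]]*inet $pat "
}

# ensure_crls_dir DIR: create the directory isakmpd tries to opendir()
# (/etc/isakmpd/crls on the real system; a temp path is used here)
ensure_crls_dir() {
    [ -d "$1" ] || mkdir -p "$1"
}

# --- constructed samples mirroring the thread ---
TMP=$(mktemp -d)
cat > "$TMP/broken.conf" <<'EOF'
[General]
Policy-File=            /etc/isakmpd/isakmpd.policy
Retransmits=5
Exchange-max-time=120
Listen-on=
EOF
# Same file with an address on the wireless interface (192.0.2.1 is a
# documentation address, not one from the thread).
cat > "$TMP/fixed.conf" <<'EOF'
[General]
Policy-File=            /etc/isakmpd/isakmpd.policy
Retransmits=5
Exchange-max-time=120
Listen-on=              192.0.2.1
EOF
IFCONFIG_SAMPLE='wi0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255'

for f in broken fixed; do
    if check_listen_on "$TMP/$f.conf"; then
        addr=$(listen_on_value "$TMP/$f.conf")
        if printf '%s\n' "$IFCONFIG_SAMPLE" | address_configured "$addr"; then
            echo "$f.conf: Listen-on=$addr is configured on an interface"
        else
            echo "$f.conf: Listen-on=$addr is not on any interface"
        fi
    else
        echo "$f.conf: Listen-on is empty or malformed"
    fi
done
ensure_crls_dir "$TMP/crls" && echo "crls directory present: $TMP/crls"
```

Running it prints one line per sample config: the broken one is reported as empty, the fixed one as configured on wi0. Against a real system, point the functions at /etc/isakmpd/isakmpd.conf and pipe in the live ifconfig -a output; a value that passes check_listen_on but fails address_configured is the case the reply asks about, where the address in the config does not exist on the host.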


