Re: Isakmpd and enc0 - what next
- To: "'Michael H. Semcheski'" <mhs_(_at_)_aylix_(_dot_)_com>, misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: Isakmpd and enc0 - what next
- From: Katasonov Sergey <Katasonov_s_(_at_)_kmb_(_dot_)_ru>
- Date: Wed, 29 Jan 2003 09:20:03 +0300
Try to add a route to the remote network on each secure gateway.
From: Michael H. Semcheski [mailto:mhs_(_at_)_aylix_(_dot_)_com]
Sent: Tuesday, January 28, 2003 8:39 PM
Subject: Isakmpd and enc0 - what next
I think I finally have isakmpd set up between two OpenBSD firewall / routers.
I am pretty sure everything I set up is more or less set up correctly, and I
am guessing there is some step I am not aware of or may have overlooked.
I have made alterations to isakmpd.conf, isakmpd.policy, and though the
policy is probably relatively lax, for now it seems to work. "isakmpd -d"
doesn't seem to produce any messages.
As I look at my pf rules, they seem alright.
Here is the output for netstat -rn:
Source             Port  Destination        Port  Proto
192.168.1/24       0     192.168.2/24       0     0
192.168.2/24       0     192.168.1/24       0     0
As far as I can tell, this is more or less what I should see (where
xxx.xxx.xxx.xxx is the address of the remote gateway I am trying to connect
to, which seems to be in order).
I ran on both sides:
ifconfig enc0 up
From 192.168.1.1 when I try to ping 192.168.2.1, or vice versa, I get no
good result. Just drops the packets. tcpdump'ing pflog0 and enc0 shows me
no traffic on either side.
So, I feel that this is very close to being set up correctly, and I wonder if
anyone could give me a push in the right direction or suggest something I
may have overlooked. I suppose I am just at the point where I don't know
what I should be looking at.