
Re: ISKMPD broken by patches?

Add the crls directory to /etc/isakmpd to eliminate this error. This in itself
will not cause isakmpd to fail. Are you sure it's actually failing?

Run netstat -rn -f encap and review whether routing entries exist for your
VPN networks.

Run isakmpd -d -DA=90 and include the output for additional troubleshooting

-----Original Message-----
From: OpenBSD [mailto:openbsd_(_at_)_nfri_(_dot_)_com]
Sent: Thursday, July 03, 2003 12:34 PM
To: misc_(_at_)_openbsd_(_dot_)_org
Subject: ISKMPD broken by patches?

I am trying to figure out why I am getting some problems with my ISAKMPD
setup when the only thing that has changed is I updated the src from the
patches and make'd everything.

The problem has come to light with the ISAKMPD because I am moving my
firewall to a new machine, so I did the reinstall and copied over the
necessary files from my old 3.3 box (the patches not updated). The
files I keep from the old install are: dhcpd.conf, isakmpd.conf,
isakmpd.policy, and pf.conf

When I try and run isakmpd I get the error:
112832.131439 Default x509_crl_init: x509_read_from_dir failed

This is confusing since I don't use X509 certs yet...and like I said,
this was all working on a 3.3 machine yesterday with the same files -
the patches being the only change.  I thought about moving to the x509
certs rather than shared secret, but I need this up asap and I don't
know that will fix the problem anyhow.  I did check the archives but I
didn't find anything that seemed to relate - especially since this
worked on another machine...

With that in mind, if I back down to the /usr/src from the cd, rebuild
the kernel and recompile stuff will that take me back to -release or
should I just reinstall from the cd again?

In a world without boundaries why
do we need Gates and Windows?
