[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ISKMPD broken by patches?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: ISKMPD broken by patches?
- From: "Todd M. Boyer" <tboyer_(_at_)_smcteam_(_dot_)_com>
- Date: Thu, 3 Jul 2003 13:29:36 -0400
Add the crls directory to /etc/isakmpd to elim. this error. This in itself
will not cause isakmpd to fail. Are you sure it's actually failing?
Run netstat -rn -f encap
Review if routing entries exist for your VPN networks
Run isakmpd -d -DA=90 and include the output for additional troubleshooting
From: OpenBSD [mailto:openbsd_(_at_)_nfri_(_dot_)_com]
Sent: Thursday, July 03, 2003 12:34 PM
Subject: ISKMPD broken by patches?
I am trying to figure out why I am getting some problems with my ISAKMPD
setup when the only thing that has changed is I updated the src from the
patches and make'd everything.
The problem has come to light with the ISAKMPD because I am moving my
firewall to a new macchine so I did the reinstall copied over the
necessary files from my old 3.3 box (the patches not updated). The
files I keep from the old install are: dhcpd.conf, isakmpd.conf,
isakmpd.policy, and pf.conf
When I try and run isakmpd I get the error:
112832.131439 Default x509_crl_init: x509_read_from_dir failed
This is confusing since I don't use X509 certs yet...and like I said,
this was all working on a 3.3 machine yesterday with the same files -
the patches being the only change. I thought about moving to the x509
certs rather than shared secret, but I need this up asap and I don't
know that will fix the problem anyhow. I did check the archives but I
didn't find anything that seemed to relate - especially since this
worked on another machine...
With that in mind, if I back down to the /usr/src from the cd, rebuild
the kernel and recompile stuff will that take me back to -release or
should I just reinstall from the cd again?
In a world without boundaries why
do we need Gates and Windows?
Visit your host, monkey.org