
isakmpd.conf using X.509 authentication



Hello OpenBSD!
Hello Mathieu!

Does anybody have an idea what could be wrong with these files?


*********************************************************************
*********************************************************************
HOST MOO with IP 110.138.0.22

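# isakmpd.conf for host MOO (110.138.0.22); the IKE peer is LOO (13.122.10.147).
[General]
Retransmits=          5
Exchange-max-time=    120
Listen-on=            110.138.0.22
Policy-file=          /etc/isakmpd/isakmpd.policy

# Maps the peer's IP address to the section that describes that peer.
# Written as "address= name", matching the other assignments in this file.
[Phase 1]
13.122.10.147=        loo

# Phase 2 connections, by section name.
[Phase 2]
Connections= moo-loo

# ISAKMP peer LOO. No ID= is set here.
# NOTE(review): with AUTHENTICATION_METHOD= RSA_SIG the certificate each side
# presents has to match the phase 1 ID it sends; presumably that ID is the
# IPv4 address, so confirm both certificates carry a matching subjectAltName.
[loo]
Phase=            1
Transport=        udp
Port=             500
Local-address=    110.138.0.22
Address=          13.122.10.147
Configuration=    Default-main-mode

# Tunnel between the two networks defined in [Net-moo] and [Net-loo].
[moo-loo]
Phase=            2
ISAKMP-peer=      loo
Configuration=    Default-quick-mode
Local-ID=         Net-moo
Remote-ID=        Net-loo

# NOTE(review): this /24 contains the gateway's own address 110.138.0.22;
# confirm that is intended.
[Net-moo]
ID-type=          IPV4_ADDR_SUBNET
Network=          110.138.0.0
Netmask=          255.255.255.0

# NOTE(review): this /24 contains the peer gateway's address 13.122.10.147.
[Net-loo]
ID-type=          IPV4_ADDR_SUBNET
Network=          13.122.10.0
Netmask=          255.255.255.0

# Phase 1 (main mode) proposal; the transform is defined in [3DES-SHA].
[Default-main-mode]
DOI=              IPSEC
EXCHANGE_TYPE=    ID_PROT
Transforms=       3DES-SHA

# Phase 2 (quick mode) proposal; the suite is defined further down.
[Default-quick-mode]
DOI=              IPSEC
EXCHANGE_TYPE=    QUICK_MODE
Suites=           QM-ESP-3DES-SHA-PFS-SUITE

# The section name must follow "[" directly. The post had "[ x509-certificates]";
# the parser presumably takes the leading space as part of the name, so the
# section would not be found and built-in defaults would apply - TODO confirm.
# Private-key should be readable by root only.
[X509-certificates]
CA-directory=     /etc/isakmpd/ca/
Cert-directory=   /etc/isakmpd/certs/
Private-key=      /etc/isakmpd/private/local.key

# Phase 1 transform, authenticated with RSA signatures (X.509 certificates).
# NOTE(review): 3DES_CBC, SHA (SHA-1) and MODP_1024 are legacy choices; a
# 1024-bit MODP group is below current recommendations. The peer must offer
# the same values, so they are kept as posted; change both hosts together.
[3DES-SHA]
ENCRYPTION_ALGORITHM=   3DES_CBC
HASH_ALGORITHM=         SHA
AUTHENTICATION_METHOD=  RSA_SIG
GROUP_DESCRIPTION=      MODP_1024
Life=                   LIFE_60_SECS

[QM-ESP-3DES-SHA-PFS-SUITE]
Protocols=              QM-ESP-3DES-SHA-PFS

[QM-ESP-3DES-SHA-PFS]
PROTOCOL_ID=            IPSEC_ESP
Transforms=             QM-ESP-3DES-SHA-PFS-XF

# Phase 2 ESP transform in tunnel mode. GROUP_DESCRIPTION here requests PFS.
# NOTE(review): same legacy algorithm set as [3DES-SHA]; see the note there.
[QM-ESP-3DES-SHA-PFS-XF]
TRANSFORM_ID=           3DES
ENCAPSULATION_MODE=     TUNNEL
AUTHENTICATION_ALGORITHM=       HMAC_SHA
GROUP_DESCRIPTION=      MODP_1024
Life=                   LIFE_60_SECS

# Lifetime used by both phases: 60 seconds offered, 45:72 as the accepted range.
# NOTE(review): a 60-second lifetime means renegotiating roughly once a minute,
# including the RSA-signed phase 1 exchange; reasonable for testing only.
[LIFE_60_SECS]
LIFE_TYPE=              SECONDS
LIFE_DURATION=          60,45:72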

**********************************************************
**********************************************************

***********************************************************
**********************************************************
Host LOO 13.122.10.147

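# isakmpd.conf for host LOO (13.122.10.147); the IKE peer is MOO (110.138.0.22).
[General]
Retransmits=         5
Exchange-max-time=   120
Policy-file=         /etc/isakmpd/isakmpd.policy
Listen-on=           13.122.10.147

# Maps the peer's IP address to the section that describes that peer.
[Phase 1]
110.138.0.22=         moo

# Phase 2 connections, by section name.
[Phase 2]
Connections=         loo-moo

# ISAKMP peer MOO. No ID= is set here.
# NOTE(review): with AUTHENTICATION_METHOD= RSA_SIG the certificate each side
# presents has to match the phase 1 ID it sends; presumably that ID is the
# IPv4 address, so confirm both certificates carry a matching subjectAltName.
[moo]
Phase=               1
Transport=           udp
Port=                500
Local-address=       13.122.10.147
Address=             110.138.0.22
Configuration=       Default-main-mode

# Tunnel between the two networks defined in [Net-loo] and [Net-moo].
[loo-moo]
Phase=               2
ISAKMP-peer=         moo
Configuration=       Default-quick-mode
Local-ID=            Net-loo
Remote-ID=           Net-moo

# NOTE(review): this /24 contains the peer gateway's address 110.138.0.22.
[Net-moo]
ID-type=             IPV4_ADDR_SUBNET
Network=             110.138.0.0
Netmask=             255.255.255.0

# NOTE(review): this /24 contains the gateway's own address 13.122.10.147;
# confirm that is intended.
[Net-loo]
ID-type=             IPV4_ADDR_SUBNET
Network=             13.122.10.0
Netmask=             255.255.255.0

# Phase 1 (main mode) proposal; the transform is defined in [3DES-SHA].
[Default-main-mode]
DOI=                 IPSEC
EXCHANGE_TYPE=       ID_PROT
Transforms=          3DES-SHA

# Phase 2 (quick mode) proposal; the suite is defined further down.
[Default-quick-mode]
DOI=                 IPSEC
EXCHANGE_TYPE=       QUICK_MODE
Suites=              QM-ESP-3DES-SHA-PFS-SUITE

# The section name must follow "[" directly. The post had "[ x509-certificates]";
# the parser presumably takes the leading space as part of the name, so the
# section would not be found and built-in defaults would apply - TODO confirm.
# Private-key should be readable by root only.
[X509-certificates]
CA-directory=     /etc/isakmpd/ca/
Cert-directory=   /etc/isakmpd/certs/
Private-key=      /etc/isakmpd/private/local.key

# Phase 1 transform, authenticated with RSA signatures (X.509 certificates).
# NOTE(review): 3DES_CBC, SHA (SHA-1) and MODP_1024 are legacy choices; a
# 1024-bit MODP group is below current recommendations. The peer must offer
# the same values, so they are kept as posted; change both hosts together.
[3DES-SHA]
ENCRYPTION_ALGORITHM=   3DES_CBC
HASH_ALGORITHM=         SHA
AUTHENTICATION_METHOD=  RSA_SIG
GROUP_DESCRIPTION=      MODP_1024
Life=                   LIFE_60_SECS

[QM-ESP-3DES-SHA-PFS-SUITE]
Protocols=              QM-ESP-3DES-SHA-PFS

[QM-ESP-3DES-SHA-PFS]
PROTOCOL_ID=            IPSEC_ESP
Transforms=             QM-ESP-3DES-SHA-PFS-XF

# Phase 2 ESP transform in tunnel mode. GROUP_DESCRIPTION here requests PFS.
# NOTE(review): same legacy algorithm set as [3DES-SHA]; see the note there.
[QM-ESP-3DES-SHA-PFS-XF]
TRANSFORM_ID=           3DES
ENCAPSULATION_MODE=     TUNNEL
AUTHENTICATION_ALGORITHM=       HMAC_SHA
GROUP_DESCRIPTION=      MODP_1024
Life=                   LIFE_60_SECS

# Lifetime used by both phases: 60 seconds offered, 45:72 as the accepted range.
# NOTE(review): a 60-second lifetime means renegotiating roughly once a minute,
# including the RSA-signed phase 1 exchange; reasonable for testing only.
[LIFE_60_SECS]
LIFE_TYPE=              SECONDS
LIFE_DURATION=          60,45:72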