Hi,
On Sun, 15.05.2005 at 21:42:53 -0700, Sean Knox <[EMAIL PROTECTED]> wrote:
Is anyone using IKE mode config successfully with isakmpd? I'm trying to
Yes, I have no problems with it (using it for all roaming users).
Thanks Tony, that gave me some more confidence to try again with a different client. I had no problem with IKECFG with our Windows users (Safenet Softremote). Seems to work well. Does anyone know if OpenSWAN's IKECFG works? (Linux IPSEC client) Recent versions say there is experimental support.
213528.813268 Default x509_DN_string: d2i_X509_NAME failed
213528.813291 Default cfg_initiator_send_ATTR: cannot parse ID
213528.813315 Default exchange_run: doi->initiator (0x3c145980) failed
You somehow specified the name wrongly.
Unfortunately, I have no clue what the VPN Tracker client is actually sending. VPN Tracker also has problems using NAT-T, so I'm pretty confident it's mangling packets or sending something jackass, at least.
I don't see anything obvious in a packet capture, but I'm not sure what I'm looking for in this case.
Post an IKECFG section, and possibly a snippet from isakmpd.policy.
For reference, here are my IKECFG sections that seem to work (with Softremote clients, anyway):
isakmpd.conf IKECFG sections:
Flags = IKECFG ...
[ufqdn/[EMAIL PROTECTED]
Address = 10.10.50.1
Netmask = 255.255.255.0
my isakmpd.policy is simple:
Keynote-version: 2
Comment: allow
Authorizer: "POLICY"
licensees: "DN:/C=US/ST=CA/L=San Francisco/O=obstacle9.com/CN=ob9 CA"
Conditions: app_domain == "IPsec policy" && esp_present == "yes" && esp_enc_alg != "null" -> "true";