-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mitja Mu>enih wrote:
> I don't want to be annoying but I have people breathing down my back.

Sorry to hear that.

>
> Does anyone at all have a working [peer-ID] section in isakmpd.conf?
>

Well, what I have looks like

[...]
[Phase 1]
a.b.c.d= peer-remote

[Phase 2]
Passive-connections= vpn-remote-internal

[peer-remote]
Phase= 1
Transport= udp
Address= a.b.c.d
Local-Address= w.x.y.z
Configuration= Default-main-mode
Authentication= ohsosecret

[vpn-remote-internal]
Phase= 2
ISAKMP-peer= peer-remote
Configuration= Default-quick-mode
Local-ID= myself
Remote-ID= remote

[myself]
ID-type= IPV4_ADDR_SUBNET
Network= e.f.g.0
Netmask= 255.255.255.0

[Phase2-ID]
ID-type= FQDN
Name= my.fq.dn

[remote]
ID-type= IPV4_ADDR_SUBNET
Network= a.b.c.d
Netmask= 255.255.255.255

> I mean something similar to:
>
> [ABCD-peer]
> Phase=1
> Transport=udp
> Address=aaa.bbb.ccc.ddd
> Configuration=ABCD-main-mode
> ID=ABCD-ID
> Authentication=xxxxxxxx
>
> [ABCD-ID]
> ID-type=USER_FQDN
> Name=yyyyyyyyyyyyyy
>
> No matter what I put in ID-type tag, I get
>
> 001543.959050 Default ipsec_id_size: section ABCD-ID has no "ID-type" tag
>
> No spaces or other additional characters anywhere. Is this a bug in parser?
>
>
> i386, on 3.6-stable and -current.
>
>
>>-----Original Message-----
>>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>>On Behalf Of Mitja Mu>enih
>>Sent: Tuesday, August 30, 2005 12:31 AM
>>To: misc@openbsd.org
>>Subject: isakmpd: section has no "ID-type" tag
>>
>>I've been working on this for hours after an already long
>>day, so I'm tired.
>>What am I missing here?
>>
>>001543.953108 Misc 95 conf_get_str: [ABCD-peer]:ID->ABCD-ID
>>001543.956103 Misc 95 conf_get_str: configuration value not found
>>[ABCD-ID]:ID-type
>>001543.959050 Default ipsec_id_size: section ABCD-ID has no
>>"ID-type" tag
>>001543.962081 Default exchange_run: doi->initiator (0x8abf3400) failed
>>
>># cat isakmpd.conf
>>[Phase 1]
>>aaa.bbb.ccc.ddd=ABCD-peer
>>
>>[Phase 2]
>>Connections=ABCD-conn
>>
>>[ABCD-peer]
>>Phase=1
>>Transport=udp
>>Address=aaa.bbb.ccc.ddd
>>Configuration=ABCD-main-mode
>>ID=ABCD-ID
>>Authentication=xxxxxxxx
>>
>>[ABCD-ID]
>>ID-type=USER_FQDN
>>Name=yyyyyyyyyyyyyy
>>
>>[ABCD-conn]
>>Phase=2
>>Configuration=ABCD-quick-mode
>>ISAKMP-peer=ABCD-peer
>>Local-ID=default-route
>>Remote-ID=ABCD-net
>>
>>[default-route]
>>ID-type= IPV4_ADDR_SUBNET
>>Network= 192.168.123.0
>>Netmask= 255.255.255.0
>>
>>[KLNR-net]
>>ID-type= IPV4_ADDR_SUBNET
>>Network= aaa.bbb.eee.0
>>Netmask= 255.255.255.0
>>
>>[ABCD-main-mode]
>>DOI= IPSEC
>>EXCHANGE_TYPE= AGGRESSIVE
>>Transforms= 3DES-SHA
>>
>>[ABCD-quick-mode]
>>DOI= IPSEC
>>EXCHANGE_TYPE= QUICK_MODE
>>Suites= QM-ESP-3DES-SHA-SUITE
>>
>>
>>Sorry for the obfuscation, had to. No additional characters
>>at the end of
>>the lines in [ABCD-ID] section.
>>
>>Tried on 3.6-stable and latest snapshot, i386.
>>
>>
>>Regards, Mitja
>
>

- --
Markus Wernig
UNIX/Network Security Engineer
- -> GPG: markus.wernig.net/pubkey - CA558BF7
- -> Linux User Group Bern: lugbe.ch
- -> Freie Software f. die Schweiz: wilhelmtux.ch
***************************************************
The only thing necessary for the triumph of evil,
is for good men to do nothing. - Edmund Burke
***************************************************
iD8DBQFDFGIJ8BX/d8pVi/cRArLpAKCKz0o1LHo2C79iLlTTLiwrfqTt4ACg3jin
YJLoH1detWYURWKDIfFBXh4=
=YxQN
-----END PGP SIGNATURE-----
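
An added example, not part of either message and not isakmpd's code: a small Python check over an isakmpd.conf-style file that follows each ID=, Local-ID= and Remote-ID= reference and reports targets that are missing or that lack an exactly spelled ID-type tag. The simplified reader, the exact-match rule and the names parse, normalize, check_ids and POSTED are assumptions; the sample is constructed from the ID-related sections of the quoted file.

```python
import re
ID_REFS = ("ID", "Local-ID", "Remote-ID")  # tags on the page that name an ID section
# Constructed sample: the ID-related sections of the quoted isakmpd.conf.
POSTED = """[ABCD-peer]
ID=ABCD-ID
[ABCD-ID]
ID-type=USER_FQDN
Name=yyyyyyyyyyyyyy
[ABCD-conn]
Local-ID=default-route
Remote-ID=ABCD-net
[default-route]
ID-type= IPV4_ADDR_SUBNET
[KLNR-net]
ID-type= IPV4_ADDR_SUBNET
"""

def parse(text):
    """Simplified reader (an assumption, not isakmpd's parser); tags kept byte-exact."""
    sections, current = {}, None
    for raw in text.split("\n"):
        if raw.startswith("[") and "]" in raw:
            current = sections.setdefault(raw[1:raw.index("]")], {})
        elif current is not None and "=" in raw and not raw.startswith("#"):
            tag, value = raw.split("=", 1)
            current[tag] = value.strip()
    return sections

def normalize(tag):
    # Drop whitespace, control and non-ASCII characters, then fold case.
    return re.sub(r"[^!-~]", "", tag).lower()

def check_ids(sections):
    """Return (section, tag, target, reason) for each ID reference that cannot resolve."""
    findings = []
    for name, tags in sections.items():
        for ref in (r for r in ID_REFS if r in tags):
            target = tags[ref]
            if target not in sections:
                findings.append((name, ref, target, "no such section"))
            elif "ID-type" not in sections[target]:
                near = [t for t in sections[target] if normalize(t) == "id-type"]
                why = "tag is %r, not 'ID-type'" % near[0] if near else "no ID-type tag"
                findings.append((name, ref, target, why))
    return findings

if __name__ == "__main__":
    for finding in check_ids(parse(POSTED)):
        print(finding)
```

On the constructed sample it reports Remote-ID=ABCD-net, for which the quoted file has no section (it defines [KLNR-net]), and it reports nothing for [ABCD-ID].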