Hello all,
Currently my brother and I are trying to set up a VPN using isakmpd between two
OBSD 3.8 boxes. We had a similar VPN working before. We both changed ADSL
providers and thought it was time for an upgrade. However...

Our VPN refuses to work. We singled out a possible firewall problem. The
pflog is quiet, and even after a '$pfctl -F rules' we keep the same problem. A
'tcpdump -i xl1 port 500' shows that both sides receive cookies, but nothing
more:
like this

$ tcpdump -i xl1 port 500
13:24:47.067067 broeahs.net.isakmp > daim.broeahs.net.isakmp: isakmp v1.0 exchange ID_PROT
cookie: 385103343a680645->9c61c0d839d1d9ec msgid: 00000000 len: 168
13:24:48.878894 daim.broeahs.net.isakmp > broeahs.net.isakmp: isakmp v1.0 exchange ID_PROT
cookie: 7fd785c9ee93e8fe->31884d57a94e56a0 msgid: 00000000 len: 168

The debuggin' info gives messages like this:

132740.737518 Exch 40 exchange_establish_finalize: finalizing exchange 0x7cdb9b0 0 with arg 0x85e318d0 (daim-dimitri) & fail = 1
132740.736495 SA 90 sa_find: no SA matched query
132641.268445 Default transport_send_messages: giving up on exchange dimitri, no response from peer 194.109.199.156:500

My question is: What is happening here? How is it possible there is traffic
on both sides on port 500 but the two are not able to get decent contact?
Thank you in advance.
Daom